* [PATCH v2 1/4] x509: add support for rsa-pss
2021-04-07 2:56 [PATCH 0/5] crypto: add rsa pss support for x509 Hongbo Li
@ 2021-04-07 2:57 ` Hongbo Li
2021-04-07 2:57 ` [PATCH v2 2/4] crypto: support rsa-pss encoding Hongbo Li
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Hongbo Li @ 2021-04-07 2:57 UTC (permalink / raw)
To: keyrings, linux-crypto, herbert, dhowells, zohar, jarkko, herberthbli
Cc: linux-kernel, linux-integrity, Hongbo Li
This patch makes x509 support rsa-pss. Because the sha algo is
in the parameters, we need to parse the sha parameter and skip
the other params.
Signed-off-by: Hongbo Li <herbert.tencent@gmail.com>
---
crypto/asymmetric_keys/Makefile | 7 ++-
crypto/asymmetric_keys/public_key.c | 5 ++
crypto/asymmetric_keys/x509_cert_parser.c | 71 ++++++++++++++++++++++++--
crypto/asymmetric_keys/x509_rsapss_params.asn1 | 19 +++++++
include/linux/oid_registry.h | 2 +
5 files changed, 99 insertions(+), 5 deletions(-)
create mode 100644 crypto/asymmetric_keys/x509_rsapss_params.asn1
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 28b91ad..9092de7 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -20,15 +20,20 @@ obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
x509_key_parser-y := \
x509.asn1.o \
x509_akid.asn1.o \
+ x509_rsapss_params.asn1.o \
x509_cert_parser.o \
x509_public_key.o
$(obj)/x509_cert_parser.o: \
$(obj)/x509.asn1.h \
- $(obj)/x509_akid.asn1.h
+ $(obj)/x509_akid.asn1.h \
+ $(obj)/x509_rsapss_params.asn1.h
+
$(obj)/x509.asn1.o: $(obj)/x509.asn1.c $(obj)/x509.asn1.h
$(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h
+$(obj)/x509_rsapss_params.asn1.o: \
+ $(obj)/x509_rsapss_params.asn1.c $(obj)/x509_rsapss_params.asn1.h
#
# PKCS#8 private key handling
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 4fefb21..8f16d4d 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -84,6 +84,11 @@ int software_key_determine_akcipher(const char *encoding,
"pkcs1pad(%s,%s)",
pkey->pkey_algo, hash_algo);
return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
+ } else if (strcmp(encoding, "pss") == 0) {
+ n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
+ "psspad(%s)",
+ pkey->pkey_algo);
+ return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
}
if (strcmp(encoding, "raw") == 0 ||
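Review bot: The new `pss` branch drops `hash_algo` from the template name without saying why, which reads like an oversight next to `pkcs1pad(%s,%s)` just above. If the digest, MGF and salt length are meant to reach the template through the signature parameters (as the parser in patch 2/4 suggests), state that here, e.g. `/* PSS: hash, MGF and salt length are carried in the RSASSA-PSS params, not in the template name */`. software_key_determine_akcipher starts and ends outside this hunk, so whether `pkey->pkey_algo` has already been confirmed to be an RSA key cannot be checked from here.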
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 6d00309..c2e5437 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -15,6 +15,7 @@
#include "x509_parser.h"
#include "x509.asn1.h"
#include "x509_akid.asn1.h"
+#include "x509_rsapss_params.asn1.h"
struct x509_parse_context {
struct x509_certificate *cert; /* Certificate being constructed */
@@ -115,6 +116,17 @@ struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
cert->pub->paramlen = ctx->params_size;
cert->pub->algo = ctx->key_algo;
+ if (!strcmp(cert->sig->pkey_algo, "rsa") &&
+ !strcmp(cert->sig->encoding, "pss") &&
+ cert->pub->paramlen) {
+ ret = asn1_ber_decoder(&x509_rsapss_params_decoder, ctx,
+ cert->pub->params, cert->pub->paramlen);
+ if (ret < 0) {
+ pr_warn("Couldn't decode rsapss params\n");
+ goto error_decode;
+ }
+ }
+
/* Grab the signature bits */
ret = x509_get_sig_params(cert);
if (ret < 0)
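Review bot: The added `asn1_ber_decoder(&x509_rsapss_params_decoder, ...)` call sets `sig->hash_algo` from `cert->pub->params`, which for rsa-pss the reworked x509_note_params later in this patch fills from the third AlgorithmIdentifier, the outer signatureAlgorithm that lies outside the signed tbsCertificate. RFC 5280 requires that field to be identical to tbsCertificate.signature, but nothing visible in this patch compares the parameters of the two, so the digest choice rests on bytes the signature does not cover. Consider recording the parameters of the first AlgorithmIdentifier as well and rejecting the certificate when they differ from the third; any existing OID comparison is outside this hunk. Storing signature parameters in `cert->pub` also overloads a field that otherwise describes the subject key, so a separate field on `cert->sig` would be clearer.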
@@ -211,6 +223,10 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
ctx->cert->sig->hash_algo = "sha1";
goto rsa_pkcs1;
+ case OID_rsa_pss:
+ ctx->cert->sig->hash_algo = "sha1";
+ goto rsa_pss;
+
case OID_sha256WithRSAEncryption:
ctx->cert->sig->hash_algo = "sha256";
goto rsa_pkcs1;
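Review bot: The `"sha1"` assigned under `case OID_rsa_pss:` is a default rather than something the OID implies, and the code does not say so. A one-line comment such as `/* RFC 4055 default; replaced by x509_note_rsapss_hash() when hashAlgorithm is present */` would stop a reader from assuming every rsa-pss certificate is treated as SHA-1. x509_note_pkey_algo starts and ends outside this hunk.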
@@ -265,6 +281,11 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
ctx->cert->sig->encoding = "pkcs1";
ctx->algo_oid = ctx->last_oid;
return 0;
+rsa_pss:
+ ctx->cert->sig->pkey_algo = "rsa";
+ ctx->cert->sig->encoding = "pss";
+ ctx->algo_oid = ctx->last_oid;
+ return 0;
ecrdsa:
ctx->cert->sig->pkey_algo = "ecrdsa";
ctx->cert->sig->encoding = "raw";
@@ -466,17 +487,59 @@ int x509_note_params(void *context, size_t hdrlen,
struct x509_parse_context *ctx = context;
/*
- * AlgorithmIdentifier is used three times in the x509, we should skip
- * first and ignore third, using second one which is after subject and
- * before subjectPublicKey.
+ * AlgorithmIdentifier is used three times in the x509,
+ * rsapss:
+ * we skip first(same as third) and second(may omit params).
+ * others:
+ * we should skip first and ignore third, using second one
+ * which is after subject and before subjectPublicKey.
*/
- if (!ctx->cert->raw_subject || ctx->key)
+ if (!ctx->cert->raw_subject) {
+ return 0;
+ } else if (strcmp(ctx->cert->sig->pkey_algo, "rsa") ||
+ strcmp(ctx->cert->sig->encoding, "pss")) {
+ if (ctx->key)
+ return 0;
+ } else if (!ctx->key) {
return 0;
+ }
+
ctx->params = value - hdrlen;
ctx->params_size = vlen + hdrlen;
return 0;
}
+int x509_note_rsapss_hash(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct x509_parse_context *ctx = context;
+ enum OID oid;
+
+ oid = look_up_OID(value, vlen);
+ switch (oid) {
+ case OID_sha1:
+ ctx->cert->sig->hash_algo = "sha1";
+ break;
+ case OID_sha224:
+ ctx->cert->sig->hash_algo = "sha224";
+ break;
+ case OID_sha256:
+ ctx->cert->sig->hash_algo = "sha256";
+ break;
+ case OID_sha384:
+ ctx->cert->sig->hash_algo = "sha384";
+ break;
+ case OID_sha512:
+ ctx->cert->sig->hash_algo = "sha512";
+ break;
+ default:
+ return -ENOPKG;
+ }
+
+ return 0;
+}
+
/*
* Extract the data for the public key algorithm
*/
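Review bot: In x509_note_params the choice of which AlgorithmIdentifier to keep is keyed on `ctx->cert->sig->pkey_algo` and `ctx->cert->sig->encoding`, i.e. on how the certificate was signed, not on the type of the subject key. For a certificate signed with rsa-pss the second AlgorithmIdentifier is therefore skipped even when the subject key is of a kind whose parameters matter (the comment's "others" case), and `ctx->params` ends up holding signature parameters instead. Keeping the subject key parameters as before and storing the rsa-pss signature parameters in a separate context field would avoid the clash. Separately, x509_note_rsapss_hash repeats the OID-to-name switch that patch 2/4 adds as rsa_get_pss_hash; a shared helper would keep the list of accepted digests in one place.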
diff --git a/crypto/asymmetric_keys/x509_rsapss_params.asn1 b/crypto/asymmetric_keys/x509_rsapss_params.asn1
new file mode 100644
index 0000000..d49166e
--- /dev/null
+++ b/crypto/asymmetric_keys/x509_rsapss_params.asn1
@@ -0,0 +1,19 @@
+RSAPSS_Params ::= SEQUENCE {
+ hashAlgorithm [0] HashAlgorithm OPTIONAL,
+ maskGenAlgorithm [1] MaskGenAlgorithm OPTIONAL,
+ saltLen [2] INTEGER OPTIONAL,
+ trailerField [3] INTEGER OPTIONAL
+ }
+
+HashAlgorithm ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER ({ x509_note_rsapss_hash })
+ }
+
+MaskGenAlgorithm ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ hashAlgorithm MgfHashAlgorithm
+ }
+
+MgfHashAlgorithm ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER
+ }
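Review bot: `HashAlgorithm` and `MgfHashAlgorithm` are declared as a SEQUENCE holding only the OBJECT IDENTIFIER, but RFC 4055 defines them as AlgorithmIdentifier, whose optional parameters are commonly encoded as an explicit NULL. As written, an encoding with that NULL present would presumably fail to decode and the certificate would be rejected; adding `parameters ANY OPTIONAL` after `algorithm` in both types would accept both forms. The same grammar is added again as crypto/rsapss_params.asn1 in patch 2/4 and has the same limitation. A leading `-- rfc4055 section 3.1.` comment, as in that file, would also help here.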
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index cc64d94..f6eb783 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -34,6 +34,8 @@ enum OID {
OID_md3WithRSAEncryption, /* 1.2.840.113549.1.1.3 */
OID_md4WithRSAEncryption, /* 1.2.840.113549.1.1.4 */
OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */
+ OID_rsa_mgf1, /* 1.2.840.113549.1.1.8 */
+ OID_rsa_pss, /* 1.2.840.113549.1.1.10 */
OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */
OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */
OID_sha512WithRSAEncryption, /* 1.2.840.113549.1.1.13 */
--
1.8.3.1
* [PATCH v2 2/4] crypto: support rsa-pss encoding
2021-04-07 2:56 [PATCH 0/5] crypto: add rsa pss support for x509 Hongbo Li
2021-04-07 2:57 ` [PATCH v2 1/4] x509: add support for rsa-pss Hongbo Li
@ 2021-04-07 2:57 ` Hongbo Li
2021-04-08 7:41 ` kernel test robot
2021-04-07 2:57 ` [PATCH v2 3/4] crypto: add rsa pss test vector Hongbo Li
2021-04-07 2:57 ` [PATCH v2 4/4] ima: add support for rsa pss verification Hongbo Li
3 siblings, 1 reply; 6+ messages in thread
From: Hongbo Li @ 2021-04-07 2:57 UTC (permalink / raw)
To: keyrings, linux-crypto, herbert, dhowells, zohar, jarkko, herberthbli
Cc: linux-kernel, linux-integrity, Hongbo Li
This patch adds support for the rsa-pss encoding, which is described
in rfc8017.
Similar to rsa-pkcs1, we create a pss template.
Signed-off-by: Hongbo Li <herbert.tencent@gmail.com>
---
crypto/Makefile | 7 ++-
crypto/rsa.c | 14 ++---
crypto/rsa_helper.c | 127 ++++++++++++++++++++++++++++++++++++++++++
crypto/rsapss_params.asn1 | 21 +++++++
include/crypto/internal/rsa.h | 25 ++++++++-
5 files changed, 185 insertions(+), 9 deletions(-)
create mode 100644 crypto/rsapss_params.asn1
diff --git a/crypto/Makefile b/crypto/Makefile
index 10526d4..2c65744 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -33,13 +33,18 @@ obj-$(CONFIG_CRYPTO_DH) += dh_generic.o
$(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h
$(obj)/rsaprivkey.asn1.o: $(obj)/rsaprivkey.asn1.c $(obj)/rsaprivkey.asn1.h
-$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.h
+$(obj)/rsapss_params.asn1.o: $(obj)/rsapss_params.asn1.c \
+ $(obj)/rsapss_params.asn1.h
+$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.h \
+ $(obj)/rsapss_params.asn1.h
rsa_generic-y := rsapubkey.asn1.o
rsa_generic-y += rsaprivkey.asn1.o
+rsa_generic-y += rsapss_params.asn1.o
rsa_generic-y += rsa.o
rsa_generic-y += rsa_helper.o
rsa_generic-y += rsa-pkcs1pad.o
+rsa_generic-y += rsa-psspad.o
obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o
$(obj)/sm2signature.asn1.o: $(obj)/sm2signature.asn1.c $(obj)/sm2signature.asn1.h
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4cdbec9..adc9b2d2 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -6,18 +6,11 @@
*/
#include <linux/module.h>
-#include <linux/mpi.h>
#include <crypto/internal/rsa.h>
#include <crypto/internal/akcipher.h>
#include <crypto/akcipher.h>
#include <crypto/algapi.h>
-struct rsa_mpi_key {
- MPI n;
- MPI e;
- MPI d;
-};
-
/*
* RSAEP function [RFC3447 sec 5.1.1]
* c = m^e mod n;
@@ -269,12 +262,19 @@ static int rsa_init(void)
return err;
}
+ err = crypto_register_template(&rsa_psspad_tmpl);
+ if (err) {
+ crypto_unregister_akcipher(&rsa);
+ return err;
+ }
+
return 0;
}
static void rsa_exit(void)
{
crypto_unregister_template(&rsa_pkcs1pad_tmpl);
+ crypto_unregister_template(&rsa_psspad_tmpl);
crypto_unregister_akcipher(&rsa);
}
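Review bot: The new failure branch in rsa_init unregisters the `rsa` akcipher but not the template registered before it; rsa_exit in the same hunk unregisters `rsa_pkcs1pad_tmpl`, so that template appears to stay registered when `crypto_register_template(&rsa_psspad_tmpl)` fails. Add `crypto_unregister_template(&rsa_pkcs1pad_tmpl);` ahead of `crypto_unregister_akcipher(&rsa);` in that branch. The start of rsa_init is outside the hunk, so the earlier registration is inferred from rsa_exit.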
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 94266f2..912d975 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -12,6 +12,7 @@
#include <crypto/internal/rsa.h>
#include "rsapubkey.asn1.h"
#include "rsaprivkey.asn1.h"
+#include "rsapss_params.asn1.h"
int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
const void *value, size_t vlen)
@@ -148,6 +149,115 @@ int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
return 0;
}
+int rsa_get_pss_hash(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_pss_ctx *ctx = context;
+ enum OID oid;
+
+ if (!value || !vlen)
+ return -EINVAL;
+
+ oid = look_up_OID(value, vlen);
+ switch (oid) {
+ case OID_sha1:
+ ctx->hash_algo = "sha1";
+ break;
+ case OID_sha224:
+ ctx->hash_algo = "sha224";
+ break;
+ case OID_sha256:
+ ctx->hash_algo = "sha256";
+ break;
+ case OID_sha384:
+ ctx->hash_algo = "sha384";
+ break;
+ case OID_sha512:
+ ctx->hash_algo = "sha512";
+ break;
+ default:
+ return -ENOPKG;
+
+ }
+
+ return 0;
+}
+
+int rsa_get_pss_mgf(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_pss_ctx *ctx = context;
+ enum OID oid;
+
+ if (!value || !vlen)
+ return -EINVAL;
+
+ oid = look_up_OID(value, vlen);
+ if (oid != OID_rsa_mgf1)
+ return -ENOPKG;
+ ctx->mgf_algo = "mgf1";
+
+ return 0;
+}
+
+int rsa_get_pss_mgf_hash(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_pss_ctx *ctx = context;
+ enum OID oid;
+
+ if (!value || !vlen)
+ return -EINVAL;
+ /* todo, merge with get_pss_hash */
+ oid = look_up_OID(value, vlen);
+ switch (oid) {
+ case OID_sha1:
+ ctx->mgf_hash_algo = "sha1";
+ break;
+ case OID_sha224:
+ ctx->mgf_hash_algo = "sha224";
+ break;
+ case OID_sha256:
+ ctx->mgf_hash_algo = "sha256";
+ break;
+ case OID_sha384:
+ ctx->mgf_hash_algo = "sha384";
+ break;
+ case OID_sha512:
+ ctx->mgf_hash_algo = "sha512";
+ break;
+ default:
+ return -ENOPKG;
+ }
+
+ return 0;
+}
+
+int rsa_get_pss_saltlen(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_pss_ctx *ctx = context;
+
+ if (!value || vlen < 1 || vlen > 2)
+ return -EINVAL;
+
+ if (vlen == 1)
+ ctx->salt_len = *(u8 *)value;
+ else if (vlen == 2)
+ ctx->salt_len = ntohs(*(u16 *)value);
+
+ return 0;
+}
+
+int rsa_get_pss_trailerfield(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ if (!value || !vlen || *(u8 *)value != 1)
+ return -EINVAL;
+
+ return 0;
+}
+
/**
* rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
* provided struct rsa_key, pointers to the raw key as is,
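Review bot: rsa_get_pss_saltlen reads a two-byte value with `ntohs(*(u16 *)value)`, which dereferences a pointer into the BER buffer that has no alignment guarantee, and it treats the INTEGER content as unsigned although DER integers are signed. The value comes from certificate or signature parameters, so it should be read byte-wise and a set top bit rejected. Nothing here bounds `salt_len` against the key or digest size either, so the consumer (not in this patch) would have to do that. rsa_get_pss_trailerfield has a related gap: it tests only the first content byte, so a multi-byte INTEGER starting with 0x01 is accepted, and `vlen != 1` should be part of its check. A byte-wise version of the salt-length callback is below.

```c
int rsa_get_pss_saltlen(void *context, size_t hdrlen, unsigned char tag,
			const void *value, size_t vlen)
{
	struct rsa_pss_ctx *ctx = context;
	const u8 *p = value;

	if (!p || vlen < 1 || vlen > 2)
		return -EINVAL;
	/* DER INTEGER is signed; a set top bit would mean a negative length */
	if (p[0] & 0x80)
		return -EINVAL;

	ctx->salt_len = (vlen == 1) ? p[0] : ((u32)p[0] << 8) | p[1];

	return 0;
}
```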
@@ -184,3 +294,20 @@ int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
}
EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
+
+/**
+ * rsa_parse_pss_params() - decodes the BER encoded pss padding params
+ *
+ * @ctx: struct rsa_pss_ctx, pss padding context
+ * @params: params in BER format
+ * @params_len: length of params
+ *
+ * Return: 0 on success or error code in case of error
+ */
+int rsa_parse_pss_params(struct rsa_pss_ctx *ctx, const void *params,
+ unsigned int params_len)
+{
+ return asn1_ber_decoder(&rsapss_params_decoder, ctx, params,
+ params_len);
+}
+EXPORT_SYMBOL_GPL(rsa_parse_pss_params);
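Review bot: The kernel-doc for rsa_parse_pss_params does not say what happens to fields whose element is absent. Every member of RSAPSS_Params is OPTIONAL and the callbacks only write when their element is present, so `hash_algo`, `mgf_algo`, `mgf_hash_algo` and `salt_len` keep whatever the caller put in `ctx`. Add a sentence to the comment stating that the caller must preset the defaults (for example `RSA_PSS_DEFAULT_SALT_LEN` from the header) before calling, or set them inside this function before decoding.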
diff --git a/crypto/rsapss_params.asn1 b/crypto/rsapss_params.asn1
new file mode 100644
index 0000000..4d6b0ba
--- /dev/null
+++ b/crypto/rsapss_params.asn1
@@ -0,0 +1,21 @@
+-- rfc4055 section 3.1.
+
+RSAPSS_Params ::= SEQUENCE {
+ hashAlgorithm [0] HashAlgorithm OPTIONAL,
+ maskGenAlgorithm [1] MaskGenAlgorithm OPTIONAL,
+ saltLen [2] INTEGER OPTIONAL ({ rsa_get_pss_saltlen }),
+ trailerField [3] INTEGER OPTIONAL ({ rsa_get_pss_trailerfield })
+ }
+
+HashAlgorithm ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER ({ rsa_get_pss_hash })
+ }
+
+MaskGenAlgorithm ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER ({ rsa_get_pss_mgf }),
+ hashAlgorithm MgfHashAlgorithm
+ }
+
+MgfHashAlgorithm ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER ({ rsa_get_pss_mgf_hash })
+ }
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index e870133..cfb0801 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -8,6 +8,12 @@
#ifndef _RSA_HELPER_
#define _RSA_HELPER_
#include <linux/types.h>
+#include <linux/mpi.h>
+#include <linux/oid_registry.h>
+#include <crypto/sha2.h>
+
+#define RSA_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
+#define RSA_PSS_DEFAULT_SALT_LEN 20
/**
* rsa_key - RSA key structure
@@ -47,11 +53,28 @@ struct rsa_key {
size_t qinv_sz;
};
+struct rsa_mpi_key {
+ MPI n;
+ MPI e;
+ MPI d;
+};
+
+struct rsa_pss_ctx {
+ struct crypto_akcipher *child;
+ unsigned int key_size;
+ const char *hash_algo;
+ const char *mgf_algo;
+ const char *mgf_hash_algo;
+ u32 salt_len;
+};
+
int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
unsigned int key_len);
int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
unsigned int key_len);
-
+int rsa_parse_pss_params(struct rsa_pss_ctx *ctx, const void *params,
+ unsigned int params_len);
extern struct crypto_template rsa_pkcs1pad_tmpl;
+extern struct crypto_template rsa_psspad_tmpl;
#endif
--
1.8.3.1
* Re: [PATCH v2 2/4] crypto: support rsa-pss encoding
2021-04-07 2:57 ` [PATCH v2 2/4] crypto: support rsa-pss encoding Hongbo Li
@ 2021-04-08 7:41 ` kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2021-04-08 7:41 UTC (permalink / raw)
To: Hongbo Li, keyrings, linux-crypto, herbert, dhowells, zohar,
jarkko, herberthbli
Cc: kbuild-all, linux-kernel, linux-integrity, Hongbo Li
[-- Attachment #1: Type: text/plain, Size: 1538 bytes --]
Hi Hongbo,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on cryptodev/master]
[also build test ERROR on crypto/master security/next-testing linus/master v5.12-rc6 next-20210407]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Hongbo-Li/x509-add-support-for-rsa-pss/20210407-115738
base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
config: x86_64-rhel-8.3-kselftests (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
# https://github.com/0day-ci/linux/commit/7ae494f4046fa7980cf2ee1b40f175355609a9da
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Hongbo-Li/x509-add-support-for-rsa-pss/20210407-115738
git checkout 7ae494f4046fa7980cf2ee1b40f175355609a9da
# save the attached .config to linux build tree
make W=1 ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
>> make[2]: *** No rule to make target 'crypto/rsa-psspad.o', needed by 'crypto/built-in.a'.
make[2]: Target '__build' not remade because of errors.
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 41476 bytes --]
* [PATCH v2 3/4] crypto: add rsa pss test vector
2021-04-07 2:56 [PATCH 0/5] crypto: add rsa pss support for x509 Hongbo Li
2021-04-07 2:57 ` [PATCH v2 1/4] x509: add support for rsa-pss Hongbo Li
2021-04-07 2:57 ` [PATCH v2 2/4] crypto: support rsa-pss encoding Hongbo Li
@ 2021-04-07 2:57 ` Hongbo Li
2021-04-07 2:57 ` [PATCH v2 4/4] ima: add support for rsa pss verification Hongbo Li
3 siblings, 0 replies; 6+ messages in thread
From: Hongbo Li @ 2021-04-07 2:57 UTC (permalink / raw)
To: keyrings, linux-crypto, herbert, dhowells, zohar, jarkko, herberthbli
Cc: linux-kernel, linux-integrity, Hongbo Li
This patch adds the test vector for rsa with pss encoding.
Signed-off-by: Hongbo Li <herbert.tencent@gmail.com>
---
crypto/testmgr.c | 7 +++++
crypto/testmgr.h | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 97 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 10c5b3b..2b07fdb 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5216,6 +5216,13 @@ static int alg_test_null(const struct alg_test_desc *desc,
.test = alg_test_null,
.fips_allowed = 1,
}, {
+ .alg = "psspad(rsa)",
+ .test = alg_test_akcipher,
+ .fips_allowed = 1,
+ .suite = {
+ .akcipher = __VECS(psspad_rsa_tv_template)
+ }
+ }, {
.alg = "poly1305",
.test = alg_test_hash,
.suite = {
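Review bot: The `psspad(rsa)` entry is inserted directly before `poly1305`, but "psspad(rsa)" sorts after "poly1305". If this table is looked up by binary search on `.alg`, the new entry may not be found and the self-test would not run for the algorithm; move it after the last entry that sorts before "psspad". The array's declaration and lookup code are outside the hunk, so the lookup method is an assumption to confirm.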
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 34e4a3d..0402db5 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -1239,6 +1239,96 @@ struct kpp_testvec {
}
};
+/*
+ * RSA PSS test vectors. Obtained from 186-3rsatestvectors.zip
+ */
+static const struct akcipher_testvec psspad_rsa_tv_template[] = {
+ {
+ .key =
+ /* Sequence of n , e */
+ "\x30\x82\x02\x09"
+ /* n */
+ "\x02\x82\x01\x01\x00"
+ "\xc5\x06\x2b\x58\xd8\x53\x9c\x76\x5e\x1e\x5d\xba\xf1\x4c\xf7\x5d"
+ "\xd5\x6c\x2e\x13\x10\x5f\xec\xfd\x1a\x93\x0b\xbb\x59\x48\xff\x32"
+ "\x8f\x12\x6a\xbe\x77\x93\x59\xca\x59\xbc\xa7\x52\xc3\x08\xd2\x81"
+ "\x57\x3b\xc6\x17\x8b\x6c\x0f\xef\x7d\xc4\x45\xe4\xf8\x26\x43\x04"
+ "\x37\xb9\xf9\xd7\x90\x58\x1d\xe5\x74\x9c\x2c\xb9\xcb\x26\xd4\x2b"
+ "\x2f\xee\x15\xb6\xb2\x6f\x09\xc9\x96\x70\x33\x64\x23\xb8\x6b\xc5"
+ "\xbe\xc7\x11\x13\x15\x7b\xe2\xd9\x44\xd7\xff\x3e\xeb\xff\xb2\x84"
+ "\x13\x14\x3e\xa3\x67\x55\xdb\x0a\xe6\x2f\xf5\xb7\x24\xee\xcb\x3d"
+ "\x31\x6b\x6b\xac\x67\xe8\x9c\xac\xd8\x17\x19\x37\xe2\xab\x19\xbd"
+ "\x35\x3a\x89\xac\xea\x8c\x36\xf8\x1c\x89\xa6\x20\xd5\xfd\x2e\xff"
+ "\xea\x89\x66\x01\xc7\xf9\xda\xca\x7f\x03\x3f\x63\x5a\x3a\x94\x33"
+ "\x31\xd1\xb1\xb4\xf5\x28\x87\x90\xb5\x3a\xf3\x52\xf1\x12\x1c\xa1"
+ "\xbe\xf2\x05\xf4\x0d\xc0\x12\xc4\x12\xb4\x0b\xdd\x27\x58\x5b\x94"
+ "\x64\x66\xd7\x5f\x7e\xe0\xa7\xf9\xd5\x49\xb4\xbe\xce\x6f\x43\xac"
+ "\x3e\xe6\x5f\xe7\xfd\x37\x12\x33\x59\xd9\xf1\xa8\x50\xad\x45\x0a"
+ "\xaf\x5c\x94\xeb\x11\xde\xa3\xfc\x0f\xc6\xe9\x85\x6b\x18\x05\xef"
+ /* e */
+ "\x02\x82\x01\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x86\xc9\x4f",
+ .key_len = 525,
+ .params =
+ "\x30\x30"
+ "\xa0\x0d\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\xa1"
+ "\x1a\x30\x18\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x08\x30\x0b"
+ "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\xa2\x03\x02\x01\x20",
+ .param_len = 50,
+ /*
+ * m is SHA256 hash of following message:
+ * "\xdf\xc2\x26\x04\xb9\x5d\x15\x32\x80\x59\x74\x5c\x6c\x98\xeb"
+ * "\x9d\xfb\x34\x7c\xf9\xf1\x70\xaf\xf1\x9d\xee\xec\x55\x5f\x22"
+ * "\x28\x5a\x67\x06\xc4\xec\xbf\x0f\xb1\x45\x8c\x60\xd9\xbf\x91"
+ * "\x3f\xba\xe6\xf4\xc5\x54\xd2\x45\xd9\x46\xb4\xbc\x5f\x34\xae"
+ * "\xc2\xac\x6b\xe8\xb3\x3d\xc8\xe0\xe3\xa9\xd6\x01\xdf\xd5\x36"
+ * "\x78\xf5\x67\x44\x43\xf6\x7d\xf7\x8a\x3a\x9e\x09\x33\xe5\xf1"
+ * "\x58\xb1\x69\xac\x8d\x1c\x4c\xd0\xfb\x87\x2c\x14\xca\x8e\x00"
+ * "\x1e\x54\x2e\xa0\xf9\xcf\xda\x88\xc4\x2d\xca\xd8\xa7\x40\x97"
+ * "\xa0\x0c\x22\x05\x5b\x0b\xd4\x1f"
+ */
+ .m =
+ "\xb9\x8a\x0d\x22\xe8\x37\xb1\x01\x87\x4a\x5f\x0d\x7a\xd4\x98\x36"
+ "\xe6\x27\x3f\xc7\x5c\xd2\xd0\x73\xdc\x81\xd9\x6f\x05\xf5\x8f\x3c",
+ .m_size = 32,
+ .c =
+ "\x8b\x46\xf2\xc8\x89\xd8\x19\xf8\x60\xaf\x0a\x6c\x4c\x88\x9e\x4d"
+ "\x14\x36\xc6\xca\x17\x44\x64\xd2\x2a\xe1\x1b\x9c\xcc\x26\x5d\x74"
+ "\x3c\x67\xe5\x69\xac\xcb\xc5\xa8\x0d\x4d\xd5\xf1\xbf\x40\x39\xe2"
+ "\x3d\xe5\x2a\xec\xe4\x02\x91\xc7\x5f\x89\x36\xc5\x8c\x9a\x2f\x77"
+ "\xa7\x80\xbb\xe7\xad\x31\xeb\x76\x74\x2f\x7b\x2b\x8b\x14\xca\x1a"
+ "\x71\x96\xaf\x7e\x67\x3a\x3c\xfc\x23\x7d\x50\xf6\x15\xb7\x5c\xf4"
+ "\xa7\xea\x78\xa9\x48\xbe\xda\xf9\x24\x24\x94\xb4\x1e\x1d\xb5\x1f"
+ "\x43\x7f\x15\xfd\x25\x51\xbb\x5d\x24\xee\xfb\x1c\x3e\x60\xf0\x36"
+ "\x94\xd0\x03\x3a\x1e\x0a\x9b\x9f\x5e\x4a\xb9\x7d\x45\x7d\xff\x9b"
+ "\x9d\xa5\x16\xdc\x22\x6d\x6d\x65\x29\x50\x03\x08\xed\x74\xa2\xe6"
+ "\xd9\xf3\xc1\x05\x95\x78\x8a\x52\xa1\xbc\x06\x64\xae\xdf\x33\xef"
+ "\xc8\xba\xdd\x03\x7e\xb7\xb8\x80\x77\x2b\xdb\x04\xa6\x04\x6e\x9e"
+ "\xde\xee\x41\x97\xc2\x55\x07\xfb\x0f\x11\xab\x1c\x9f\x63\xf5\x3c"
+ "\x88\x20\xea\x84\x05\xcf\xd7\x72\x16\x92\x47\x5b\x4d\x72\x35\x5f"
+ "\xa9\xa3\x80\x4f\x29\xe6\xb6\xa7\xb0\x59\xc4\x44\x1d\x54\xb2\x8e"
+ "\x4e\xed\x25\x29\xc6\x10\x3b\x54\x32\xc7\x13\x32\xce\x74\x2b\xcc",
+ .c_size = 256,
+ .public_key_vec = true,
+ .siggen_sigver_test = true,
+ }
+};
+
static const struct kpp_testvec dh_tv_template[] = {
{
.secret =
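Review bot: psspad_rsa_tv_template holds a single vector with explicit SHA-256 parameters and salt length 0x20, so the paths this series adds for absent parameters (defaults), other digests and rejected encodings are not exercised. Adding at least one vector with empty `.params` and one with a different digest from the same 186-3 set would cover the parsing branches in rsa_helper.c. The comment `/* Sequence of n , e */` could also note that `e` is encoded zero-padded to 256 bytes, since a reader may take that unusual INTEGER encoding for a mistake.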
--
1.8.3.1
* [PATCH v2 4/4] ima: add support for rsa pss verification
2021-04-07 2:56 [PATCH 0/5] crypto: add rsa pss support for x509 Hongbo Li
` (2 preceding siblings ...)
2021-04-07 2:57 ` [PATCH v2 3/4] crypto: add rsa pss test vector Hongbo Li
@ 2021-04-07 2:57 ` Hongbo Li
3 siblings, 0 replies; 6+ messages in thread
From: Hongbo Li @ 2021-04-07 2:57 UTC (permalink / raw)
To: keyrings, linux-crypto, herbert, dhowells, zohar, jarkko, herberthbli
Cc: linux-kernel, linux-integrity, Hongbo Li
This patch adds support for ima verification for rsa with
pss encoding.
And a patch for ima-evm-utils will be sent later.
Signed-off-by: Hongbo Li <herbert.tencent@gmail.com>
---
security/integrity/digsig_asymmetric.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 23240d7..ef7a51a 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -85,6 +85,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
struct public_key_signature pks;
struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
const struct public_key *pk;
+ struct public_key_signature *cert_sig;
struct key *key;
int ret;
@@ -109,16 +110,21 @@ int asymmetric_verify(struct key *keyring, const char *sig,
pk = asymmetric_key_public_key(key);
pks.pkey_algo = pk->pkey_algo;
- if (!strcmp(pk->pkey_algo, "rsa"))
- pks.encoding = "pkcs1";
- else if (!strncmp(pk->pkey_algo, "ecdsa-", 6))
+ if (!strcmp(pk->pkey_algo, "rsa")) {
+ cert_sig = key->payload.data[asym_auth];
+ if (cert_sig)
+ pks.encoding = cert_sig->encoding;
+ else
+ pks.encoding = "pkcs1";
+ } else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) {
/* edcsa-nist-p192 etc. */
pks.encoding = "x962";
- else if (!strcmp(pk->pkey_algo, "ecrdsa") ||
- !strcmp(pk->pkey_algo, "sm2"))
+ } else if (!strcmp(pk->pkey_algo, "ecrdsa") ||
+ !strcmp(pk->pkey_algo, "sm2")) {
pks.encoding = "raw";
- else
+ } else {
return -ENOPKG;
+ }
pks.digest = (u8 *)data;
pks.digest_size = datalen;
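Review bot: In the `rsa` branch, `pks.encoding` is now copied from `cert_sig->encoding`, and `key->payload.data[asym_auth]` looks like the signature the issuer placed on the key's certificate rather than a property of the key itself. That ties the padding expected for IMA signatures to how the certificate happened to be signed: an RSA key whose certificate was signed with a non-RSA algorithm would get an encoding such as `x962`, where the old code always used `pkcs1`. Restrict the value to the two RSA paddings, e.g. `if (cert_sig && cert_sig->encoding && !strcmp(cert_sig->encoding, "pss")) pks.encoding = "pss"; else pks.encoding = "pkcs1";`. asymmetric_verify starts and ends outside the hunk.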
--
1.8.3.1