[PATCH 0/5] crypto: add rsa pss support for x509

[PATCH 0/5] crypto: add rsa pss support for x509

[Hongbo Li]

From: Hongbo Li <herberthbli@tencent.com>

This series of patches adds support for x509 cert signed by RSA
with PSS encoding method. RSA PSS is described in rfc8017.

This series of patches adds support for x509 cert signed by RSA
with PSS encoding method. RSA PSS is described in rfc8017.

Patch1 make x509 support rsa pss algo and parse hash parameter.

Patch2 add rsa pss template.

Patch3 add test vector for rsa pss.

Patch4 is the ecdsa ima patch borrowed from Stefan Berge's ecdsa
       patch series, rsa-pss's ima patch is made on top of this patch.

Patch5 is the rsa-pss's ima patch.

Test by the following script, it tests different saltlen, hash, mgfhash.

keyctl newring test @u

while :; do
    for modbits in 1024 2048 4096; do
	if [ $modbits -eq 1024 ]; then
	    saltlen=(-1 -2 0 20 32 48 64 94)
	elif [ $modbits -eq 2048 ]; then
	    saltlen=(-1 -2 0 20 32 48 64 222)
	else
	    saltlen=(-1 -2 0 20 32 48 64 478)
	fi

	for slen in ${saltlen[@]}; do
	    for hash in sha1 sha224 sha256 sha384 sha512; do
		for mgfhash in sha1 sha224 sha256 sha384 sha512; do
		    certfile="cert.der"
		    echo slen $slen
		    openssl req \
			    -x509 \
			    -${hash} \
			    -newkey rsa:$modbits \
			    -keyout key.pem \
			    -days 365 \
			    -subj '/CN=test' \
			    -nodes \
			    -sigopt rsa_padding_mode:pss \
			    -sigopt rsa_mgf1_md:$mgfhash \
			    -sigopt rsa_pss_saltlen:${slen} \
			    -outform der \
			    -out ${certfile} 2>/dev/null

		    exp=0
		    id=$(keyctl padd asymmetric testkey %keyring:test < "${certfile}")
		    rc=$?
		    if [ $rc -ne $exp ]; then
			case "$exp" in
			    0) echo "Error: Could not load rsa-pss certificate!";;
			esac
			echo "modbits $modbits sha: $hash mgfhash $mgfhash saltlen: $slen"
			exit 1
		    else
			case "$rc" in
			    0) echo "load cert: keyid: $id modbits $modbits hash: $hash mgfhash $mgfhash saltlen $slen"
			esac
		    fi
		done
	    done
	done
    done
done

Hongbo Li (5):
  x509: add support for rsa-pss
  crypto: support rsa-pss encoding
  crypto: add rsa pss test vector
  crypto: ecdsa ima support
  ima: add support for rsa pss verification

 crypto/Makefile                           |   7 +-
 crypto/asymmetric_keys/Makefile           |   7 +-
 crypto/asymmetric_keys/public_key.c       |   5 ++
 crypto/asymmetric_keys/x509_cert_parser.c |  71 ++++++++++++++++-
 crypto/rsa.c                              |  14 ++--
 crypto/rsa_helper.c                       | 127 ++++++++++++++++++++++++++++++
 crypto/testmgr.c                          |   7 ++
 crypto/testmgr.h                          |  87 ++++++++++++++++++++
 include/crypto/internal/rsa.h             |  25 +++++-
 include/keys/asymmetric-type.h            |   6 ++
 include/linux/oid_registry.h              |   2 +
 security/integrity/digsig_asymmetric.c    |  34 ++++----
 12 files changed, 363 insertions(+), 29 deletions(-)

-- 
1.8.3.1

[PATCH 1/5] x509: add support for rsa-pss

[Hongbo Li]

From: Hongbo Li <herberthbli@tencent.com>

This patch make x509 support rsa-pss, because the sha algo is
in signature, so we need to parse the sha parameter, and skip
other params.

Signed-off-by: Hongbo Li <herberthbli@tencent.com>
---
 crypto/asymmetric_keys/Makefile           |  7 ++-
 crypto/asymmetric_keys/public_key.c       |  5 +++
 crypto/asymmetric_keys/x509_cert_parser.c | 71 +++++++++++++++++++++++++++++--
 include/linux/oid_registry.h              |  2 +
 4 files changed, 80 insertions(+), 5 deletions(-)

diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 28b91ad..9092de7 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -20,15 +20,20 @@ obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
 x509_key_parser-y := \
 	x509.asn1.o \
 	x509_akid.asn1.o \
+	x509_rsapss_params.asn1.o \
 	x509_cert_parser.o \
 	x509_public_key.o
 
 $(obj)/x509_cert_parser.o: \
 	$(obj)/x509.asn1.h \
-	$(obj)/x509_akid.asn1.h
+	$(obj)/x509_akid.asn1.h \
+	$(obj)/x509_rsapss_params.asn1.h
+
 
 $(obj)/x509.asn1.o: $(obj)/x509.asn1.c $(obj)/x509.asn1.h
 $(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h
+$(obj)/x509_rsapss_params.asn1.o: \
+	$(obj)/x509_rsapss_params.asn1.c $(obj)/x509_rsapss_params.asn1.h
 
 #
 # PKCS#8 private key handling
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 788a4ba..cf049fd 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -83,6 +83,11 @@ int software_key_determine_akcipher(const char *encoding,
 				     "pkcs1pad(%s,%s)",
 				     pkey->pkey_algo, hash_algo);
 		return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
+	} else if (strcmp(encoding, "pss") == 0) {
+		n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
+			     "psspad(%s)",
+			     pkey->pkey_algo);
+		return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
 	}
 
 	if (strcmp(encoding, "raw") == 0) {
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 52c9b45..ec3428d 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -15,6 +15,7 @@
 #include "x509_parser.h"
 #include "x509.asn1.h"
 #include "x509_akid.asn1.h"
+#include "x509_rsapss_params.asn1.h"
 
 struct x509_parse_context {
 	struct x509_certificate	*cert;		/* Certificate being constructed */
@@ -115,6 +116,17 @@ struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
 	cert->pub->paramlen = ctx->params_size;
 	cert->pub->algo = ctx->key_algo;
 
+	if (!strcmp(cert->sig->pkey_algo, "rsa") &&
+	    !strcmp(cert->sig->encoding, "pss") &&
+	    cert->pub->paramlen) {
+		ret = asn1_ber_decoder(&x509_rsapss_params_decoder, ctx,
+				       cert->pub->params, cert->pub->paramlen);
+		if (ret < 0) {
+			pr_warn("Couldn't decode rsapss params\n");
+			goto error_decode;
+		}
+	}
+
 	/* Grab the signature bits */
 	ret = x509_get_sig_params(cert);
 	if (ret < 0)
@@ -211,6 +223,10 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
 		ctx->cert->sig->hash_algo = "sha1";
 		goto rsa_pkcs1;
 
+	case OID_rsa_pss:
+		ctx->cert->sig->hash_algo = "sha1";
+		goto rsa_pss;
+
 	case OID_sha256WithRSAEncryption:
 		ctx->cert->sig->hash_algo = "sha256";
 		goto rsa_pkcs1;
@@ -245,6 +261,11 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
 	ctx->cert->sig->encoding = "pkcs1";
 	ctx->algo_oid = ctx->last_oid;
 	return 0;
+rsa_pss:
+	ctx->cert->sig->pkey_algo = "rsa";
+	ctx->cert->sig->encoding = "pss";
+	ctx->algo_oid = ctx->last_oid;
+	return 0;
 ecrdsa:
 	ctx->cert->sig->pkey_algo = "ecrdsa";
 	ctx->cert->sig->encoding = "raw";
@@ -440,17 +461,59 @@ int x509_note_params(void *context, size_t hdrlen,
 	struct x509_parse_context *ctx = context;
 
 	/*
-	 * AlgorithmIdentifier is used three times in the x509, we should skip
-	 * first and ignore third, using second one which is after subject and
-	 * before subjectPublicKey.
+	 * AlgorithmIdentifier is used three times in the x509,
+	 * rsapss:
+	 * we skip first(same as third) and second(may omit params).
+	 * others:
+	 * we should skip first and ignore third, using second one
+	 * which is after subject and before subjectPublicKey.
 	 */
-	if (!ctx->cert->raw_subject || ctx->key)
+	if (!ctx->cert->raw_subject) {
+		return 0;
+	} else if (strcmp(ctx->cert->sig->pkey_algo, "rsa") ||
+		   strcmp(ctx->cert->sig->encoding, "pss")) {
+		if (ctx->key)
+			return 0;
+	} else if (!ctx->key) {
 		return 0;
+	}
+
 	ctx->params = value - hdrlen;
 	ctx->params_size = vlen + hdrlen;
 	return 0;
 }
 
+int x509_note_rsapss_hash(void *context, size_t hdrlen,
+			  unsigned char tag,
+			  const void *value, size_t vlen)
+{
+	struct x509_parse_context *ctx = context;
+	enum OID oid;
+
+	oid = look_up_OID(value, vlen);
+	switch (oid) {
+	case OID_sha1:
+		ctx->cert->sig->hash_algo = "sha1";
+		break;
+	case OID_sha224:
+		ctx->cert->sig->hash_algo = "sha224";
+		break;
+	case OID_sha256:
+		ctx->cert->sig->hash_algo = "sha256";
+		break;
+	case OID_sha384:
+		ctx->cert->sig->hash_algo = "sha384";
+		break;
+	case OID_sha512:
+		ctx->cert->sig->hash_algo = "sha512";
+		break;
+	default:
+		return -ENOPKG;
+	}
+
+	return 0;
+}
+
 /*
  * Extract the data for the public key algorithm
  */
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2..bb22b84 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -28,6 +28,8 @@ enum OID {
 	OID_md3WithRSAEncryption,	/* 1.2.840.113549.1.1.3 */
 	OID_md4WithRSAEncryption,	/* 1.2.840.113549.1.1.4 */
 	OID_sha1WithRSAEncryption,	/* 1.2.840.113549.1.1.5 */
+	OID_rsa_mgf1,			/* 1.2.840.113549.1.1.8 */
+	OID_rsa_pss,			/* 1.2.840.113549.1.1.10 */
 	OID_sha256WithRSAEncryption,	/* 1.2.840.113549.1.1.11 */
 	OID_sha384WithRSAEncryption,	/* 1.2.840.113549.1.1.12 */
 	OID_sha512WithRSAEncryption,	/* 1.2.840.113549.1.1.13 */
-- 
1.8.3.1

[PATCH 2/5] crypto: support rsa-pss encoding

[Hongbo Li]

From: Hongbo Li <herberthbli@tencent.com>

This patch add the support of rsa-pss encoding which is described
rfc8017.
Similar to rsa-pkcs1, we create a pss template.

Signed-off-by: Hongbo Li <herberthbli@tencent.com>
---
 crypto/Makefile               |   7 ++-
 crypto/rsa.c                  |  14 ++---
 crypto/rsa_helper.c           | 127 ++++++++++++++++++++++++++++++++++++++++++
 include/crypto/internal/rsa.h |  25 ++++++++-
 4 files changed, 164 insertions(+), 9 deletions(-)

diff --git a/crypto/Makefile b/crypto/Makefile
index cf23aff..025a425 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -33,13 +33,18 @@ obj-$(CONFIG_CRYPTO_DH) += dh_generic.o
 
 $(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h
 $(obj)/rsaprivkey.asn1.o: $(obj)/rsaprivkey.asn1.c $(obj)/rsaprivkey.asn1.h
-$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.h
+$(obj)/rsapss_params.asn1.o: $(obj)/rsapss_params.asn1.c \
+			     $(obj)/rsapss_params.asn1.h
+$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.h \
+		     $(obj)/rsapss_params.asn1.h
 
 rsa_generic-y := rsapubkey.asn1.o
 rsa_generic-y += rsaprivkey.asn1.o
+rsa_generic-y += rsapss_params.asn1.o
 rsa_generic-y += rsa.o
 rsa_generic-y += rsa_helper.o
 rsa_generic-y += rsa-pkcs1pad.o
+rsa_generic-y += rsa-psspad.o
 obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o
 
 $(obj)/sm2signature.asn1.o: $(obj)/sm2signature.asn1.c $(obj)/sm2signature.asn1.h
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4cdbec9..adc9b2d2 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -6,18 +6,11 @@
  */
 
 #include <linux/module.h>
-#include <linux/mpi.h>
 #include <crypto/internal/rsa.h>
 #include <crypto/internal/akcipher.h>
 #include <crypto/akcipher.h>
 #include <crypto/algapi.h>
 
-struct rsa_mpi_key {
-	MPI n;
-	MPI e;
-	MPI d;
-};
-
 /*
  * RSAEP function [RFC3447 sec 5.1.1]
  * c = m^e mod n;
@@ -269,12 +262,19 @@ static int rsa_init(void)
 		return err;
 	}
 
+	err = crypto_register_template(&rsa_psspad_tmpl);
+	if (err) {
+		crypto_unregister_akcipher(&rsa);
+		return err;
+	}
+
 	return 0;
 }
 
 static void rsa_exit(void)
 {
 	crypto_unregister_template(&rsa_pkcs1pad_tmpl);
+	crypto_unregister_template(&rsa_psspad_tmpl);
 	crypto_unregister_akcipher(&rsa);
 }
 
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 94266f2..912d975 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -12,6 +12,7 @@
 #include <crypto/internal/rsa.h>
 #include "rsapubkey.asn1.h"
 #include "rsaprivkey.asn1.h"
+#include "rsapss_params.asn1.h"
 
 int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
 	      const void *value, size_t vlen)
@@ -148,6 +149,115 @@ int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
 	return 0;
 }
 
+int rsa_get_pss_hash(void *context, size_t hdrlen, unsigned char tag,
+		     const void *value, size_t vlen)
+{
+	struct rsa_pss_ctx *ctx = context;
+	enum OID oid;
+
+	if (!value || !vlen)
+		return -EINVAL;
+
+	oid = look_up_OID(value, vlen);
+	switch (oid) {
+	case OID_sha1:
+		ctx->hash_algo = "sha1";
+		break;
+	case OID_sha224:
+		ctx->hash_algo = "sha224";
+		break;
+	case OID_sha256:
+		ctx->hash_algo = "sha256";
+		break;
+	case OID_sha384:
+		ctx->hash_algo = "sha384";
+		break;
+	case OID_sha512:
+		ctx->hash_algo = "sha512";
+		break;
+	default:
+		return -ENOPKG;
+
+	}
+
+	return 0;
+}
+
+int rsa_get_pss_mgf(void *context, size_t hdrlen, unsigned char tag,
+		    const void *value, size_t vlen)
+{
+	struct rsa_pss_ctx *ctx = context;
+	enum OID oid;
+
+	if (!value || !vlen)
+		return -EINVAL;
+
+	oid = look_up_OID(value, vlen);
+	if (oid != OID_rsa_mgf1)
+		return -ENOPKG;
+	ctx->mgf_algo = "mgf1";
+
+	return 0;
+}
+
+int rsa_get_pss_mgf_hash(void *context, size_t hdrlen, unsigned char tag,
+			 const void *value, size_t vlen)
+{
+	struct rsa_pss_ctx *ctx = context;
+	enum OID oid;
+
+	if (!value || !vlen)
+		return -EINVAL;
+	/* todo, merge with get_pss_hash */
+	oid = look_up_OID(value, vlen);
+	switch (oid) {
+	case OID_sha1:
+		ctx->mgf_hash_algo = "sha1";
+		break;
+	case OID_sha224:
+		ctx->mgf_hash_algo = "sha224";
+		break;
+	case OID_sha256:
+		ctx->mgf_hash_algo = "sha256";
+		break;
+	case OID_sha384:
+		ctx->mgf_hash_algo = "sha384";
+		break;
+	case OID_sha512:
+		ctx->mgf_hash_algo = "sha512";
+		break;
+	default:
+		return -ENOPKG;
+	}
+
+	return 0;
+}
+
+int rsa_get_pss_saltlen(void *context, size_t hdrlen, unsigned char tag,
+			const void *value, size_t vlen)
+{
+	struct rsa_pss_ctx *ctx = context;
+
+	if (!value || vlen < 1 || vlen > 2)
+		return -EINVAL;
+
+	if (vlen == 1)
+		ctx->salt_len = *(u8 *)value;
+	else if (vlen == 2)
+		ctx->salt_len = ntohs(*(u16 *)value);
+
+	return 0;
+}
+
+int rsa_get_pss_trailerfield(void *context, size_t hdrlen, unsigned char tag,
+			     const void *value, size_t vlen)
+{
+	if (!value || !vlen || *(u8 *)value != 1)
+		return -EINVAL;
+
+	return 0;
+}
+
 /**
  * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
  *                       provided struct rsa_key, pointers to the raw key as is,
@@ -184,3 +294,20 @@ int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
 	return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
 }
 EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
+
+/**
+ * rsa_parse_pss_params() - decodes the BER encoded pss padding params
+ *
+ * @ctx:	struct rsa_pss_ctx, pss padding context
+ * @params:	params in BER format
+ * @params_len:	length of params
+ *
+ * Return:	0 on success or error code in case of error
+ */
+int rsa_parse_pss_params(struct rsa_pss_ctx *ctx, const void *params,
+			 unsigned int params_len)
+{
+	return asn1_ber_decoder(&rsapss_params_decoder, ctx, params,
+				params_len);
+}
+EXPORT_SYMBOL_GPL(rsa_parse_pss_params);
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index e870133..cfb0801 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -8,6 +8,12 @@
 #ifndef _RSA_HELPER_
 #define _RSA_HELPER_
 #include <linux/types.h>
+#include <linux/mpi.h>
+#include <linux/oid_registry.h>
+#include <crypto/sha2.h>
+
+#define RSA_MAX_DIGEST_SIZE		SHA512_DIGEST_SIZE
+#define RSA_PSS_DEFAULT_SALT_LEN	20
 
 /**
  * rsa_key - RSA key structure
@@ -47,11 +53,28 @@ struct rsa_key {
 	size_t qinv_sz;
 };
 
+struct rsa_mpi_key {
+	MPI n;
+	MPI e;
+	MPI d;
+};
+
+struct rsa_pss_ctx {
+	struct crypto_akcipher *child;
+	unsigned int key_size;
+	const char *hash_algo;
+	const char *mgf_algo;
+	const char *mgf_hash_algo;
+	u32 salt_len;
+};
+
 int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
 		      unsigned int key_len);
 
 int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
 		       unsigned int key_len);
-
+int rsa_parse_pss_params(struct rsa_pss_ctx *ctx, const void *params,
+			 unsigned int params_len);
 extern struct crypto_template rsa_pkcs1pad_tmpl;
+extern struct crypto_template rsa_psspad_tmpl;
 #endif
-- 
1.8.3.1

[PATCH 3/5] crypto: add rsa pss test vector

[Hongbo Li]

From: Hongbo Li <herberthbli@tencent.com>

This patch adds the test vector for rsa with pss encoding.

Signed-off-by: Hongbo Li <herberthbli@tencent.com>
---
 crypto/testmgr.c |  7 +++++
 crypto/testmgr.h | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 94 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 9335999..3af3b4f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5194,6 +5194,13 @@ static int alg_test_null(const struct alg_test_desc *desc,
 		.test = alg_test_null,
 		.fips_allowed = 1,
 	}, {
+		.alg = "psspad(rsa)",
+		.test = alg_test_akcipher,
+		.fips_allowed = 1,
+		.suite = {
+			.akcipher = __VECS(psspad_rsa_tv_template)
+		}
+	}, {
 		.alg = "poly1305",
 		.test = alg_test_hash,
 		.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index ced56ea..2f7b252 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -815,6 +815,93 @@ struct kpp_testvec {
 	}
 };
 
+static const struct akcipher_testvec psspad_rsa_tv_template[] = {
+	{
+	.key =
+	/* Sequence of n , e */
+	"\x30\x82\x02\x09"
+	/* n */
+	"\x02\x82\x01\x01\x00"
+	"\xc5\x06\x2b\x58\xd8\x53\x9c\x76\x5e\x1e\x5d\xba\xf1\x4c\xf7\x5d"
+	"\xd5\x6c\x2e\x13\x10\x5f\xec\xfd\x1a\x93\x0b\xbb\x59\x48\xff\x32"
+	"\x8f\x12\x6a\xbe\x77\x93\x59\xca\x59\xbc\xa7\x52\xc3\x08\xd2\x81"
+	"\x57\x3b\xc6\x17\x8b\x6c\x0f\xef\x7d\xc4\x45\xe4\xf8\x26\x43\x04"
+	"\x37\xb9\xf9\xd7\x90\x58\x1d\xe5\x74\x9c\x2c\xb9\xcb\x26\xd4\x2b"
+	"\x2f\xee\x15\xb6\xb2\x6f\x09\xc9\x96\x70\x33\x64\x23\xb8\x6b\xc5"
+	"\xbe\xc7\x11\x13\x15\x7b\xe2\xd9\x44\xd7\xff\x3e\xeb\xff\xb2\x84"
+	"\x13\x14\x3e\xa3\x67\x55\xdb\x0a\xe6\x2f\xf5\xb7\x24\xee\xcb\x3d"
+	"\x31\x6b\x6b\xac\x67\xe8\x9c\xac\xd8\x17\x19\x37\xe2\xab\x19\xbd"
+	"\x35\x3a\x89\xac\xea\x8c\x36\xf8\x1c\x89\xa6\x20\xd5\xfd\x2e\xff"
+	"\xea\x89\x66\x01\xc7\xf9\xda\xca\x7f\x03\x3f\x63\x5a\x3a\x94\x33"
+	"\x31\xd1\xb1\xb4\xf5\x28\x87\x90\xb5\x3a\xf3\x52\xf1\x12\x1c\xa1"
+	"\xbe\xf2\x05\xf4\x0d\xc0\x12\xc4\x12\xb4\x0b\xdd\x27\x58\x5b\x94"
+	"\x64\x66\xd7\x5f\x7e\xe0\xa7\xf9\xd5\x49\xb4\xbe\xce\x6f\x43\xac"
+	"\x3e\xe6\x5f\xe7\xfd\x37\x12\x33\x59\xd9\xf1\xa8\x50\xad\x45\x0a"
+	"\xaf\x5c\x94\xeb\x11\xde\xa3\xfc\x0f\xc6\xe9\x85\x6b\x18\x05\xef"
+	/* e */
+	"\x02\x82\x01\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x86\xc9\x4f",
+	.key_len = 525,
+	.params =
+	"\x30\x30"
+	"\xa0\x0d\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\xa1"
+	"\x1a\x30\x18\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x08\x30\x0b"
+	"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\xa2\x03\x02\x01\x20",
+	.param_len = 50,
+	/*
+	 * m is SHA256 hash of following message:
+	 * "\xdf\xc2\x26\x04\xb9\x5d\x15\x32\x80\x59\x74\x5c\x6c\x98\xeb"
+	 * "\x9d\xfb\x34\x7c\xf9\xf1\x70\xaf\xf1\x9d\xee\xec\x55\x5f\x22"
+	 * "\x28\x5a\x67\x06\xc4\xec\xbf\x0f\xb1\x45\x8c\x60\xd9\xbf\x91"
+	 * "\x3f\xba\xe6\xf4\xc5\x54\xd2\x45\xd9\x46\xb4\xbc\x5f\x34\xae"
+	 * "\xc2\xac\x6b\xe8\xb3\x3d\xc8\xe0\xe3\xa9\xd6\x01\xdf\xd5\x36"
+	 * "\x78\xf5\x67\x44\x43\xf6\x7d\xf7\x8a\x3a\x9e\x09\x33\xe5\xf1"
+	 * "\x58\xb1\x69\xac\x8d\x1c\x4c\xd0\xfb\x87\x2c\x14\xca\x8e\x00"
+	 * "\x1e\x54\x2e\xa0\xf9\xcf\xda\x88\xc4\x2d\xca\xd8\xa7\x40\x97"
+	 * "\xa0\x0c\x22\x05\x5b\x0b\xd4\x1f"
+	 */
+	.m =
+	"\xb9\x8a\x0d\x22\xe8\x37\xb1\x01\x87\x4a\x5f\x0d\x7a\xd4\x98\x36"
+	"\xe6\x27\x3f\xc7\x5c\xd2\xd0\x73\xdc\x81\xd9\x6f\x05\xf5\x8f\x3c",
+	.m_size = 32,
+	.c =
+	"\x8b\x46\xf2\xc8\x89\xd8\x19\xf8\x60\xaf\x0a\x6c\x4c\x88\x9e\x4d"
+	"\x14\x36\xc6\xca\x17\x44\x64\xd2\x2a\xe1\x1b\x9c\xcc\x26\x5d\x74"
+	"\x3c\x67\xe5\x69\xac\xcb\xc5\xa8\x0d\x4d\xd5\xf1\xbf\x40\x39\xe2"
+	"\x3d\xe5\x2a\xec\xe4\x02\x91\xc7\x5f\x89\x36\xc5\x8c\x9a\x2f\x77"
+	"\xa7\x80\xbb\xe7\xad\x31\xeb\x76\x74\x2f\x7b\x2b\x8b\x14\xca\x1a"
+	"\x71\x96\xaf\x7e\x67\x3a\x3c\xfc\x23\x7d\x50\xf6\x15\xb7\x5c\xf4"
+	"\xa7\xea\x78\xa9\x48\xbe\xda\xf9\x24\x24\x94\xb4\x1e\x1d\xb5\x1f"
+	"\x43\x7f\x15\xfd\x25\x51\xbb\x5d\x24\xee\xfb\x1c\x3e\x60\xf0\x36"
+	"\x94\xd0\x03\x3a\x1e\x0a\x9b\x9f\x5e\x4a\xb9\x7d\x45\x7d\xff\x9b"
+	"\x9d\xa5\x16\xdc\x22\x6d\x6d\x65\x29\x50\x03\x08\xed\x74\xa2\xe6"
+	"\xd9\xf3\xc1\x05\x95\x78\x8a\x52\xa1\xbc\x06\x64\xae\xdf\x33\xef"
+	"\xc8\xba\xdd\x03\x7e\xb7\xb8\x80\x77\x2b\xdb\x04\xa6\x04\x6e\x9e"
+	"\xde\xee\x41\x97\xc2\x55\x07\xfb\x0f\x11\xab\x1c\x9f\x63\xf5\x3c"
+	"\x88\x20\xea\x84\x05\xcf\xd7\x72\x16\x92\x47\x5b\x4d\x72\x35\x5f"
+	"\xa9\xa3\x80\x4f\x29\xe6\xb6\xa7\xb0\x59\xc4\x44\x1d\x54\xb2\x8e"
+	"\x4e\xed\x25\x29\xc6\x10\x3b\x54\x32\xc7\x13\x32\xce\x74\x2b\xcc",
+	.c_size = 256,
+	.public_key_vec = true,
+	.siggen_sigver_test = true,
+	}
+};
+
 static const struct kpp_testvec dh_tv_template[] = {
 	{
 	.secret =
-- 
1.8.3.1

[PATCH 4/5] crypto: ecdsa ima support

[Hongbo Li]

From: Hongbo Li <herberthbli@tencent.com>

This patch is borrowed from Stefan Berger's ecdsa patch series,
will be removed when ecdsa is merged into kernel.

Signed-off-by: Hongbo Li <herberthbli@tencent.com>
---
 include/keys/asymmetric-type.h         |  6 ++++++
 security/integrity/digsig_asymmetric.c | 29 ++++++++++++++---------------
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index a29d3ff..c432fdb8 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -72,6 +72,12 @@ const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
 	return key->payload.data[asym_key_ids];
 }
 
+static inline
+const struct public_key *asymmetric_key_public_key(const struct key *key)
+{
+	return key->payload.data[asym_crypto];
+}
+
 extern struct key *find_asymmetric_key(struct key *keyring,
 				       const struct asymmetric_key_id *id_0,
 				       const struct asymmetric_key_id *id_1,
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index a662024..183f452 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -84,6 +84,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 {
 	struct public_key_signature pks;
 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
+	const struct public_key *pk;
 	struct key *key;
 	int ret;
 
@@ -105,23 +106,21 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 	memset(&pks, 0, sizeof(pks));
 
 	pks.hash_algo = hash_algo_name[hdr->hash_algo];
-	switch (hdr->hash_algo) {
-	case HASH_ALGO_STREEBOG_256:
-	case HASH_ALGO_STREEBOG_512:
-		/* EC-RDSA and Streebog should go together. */
-		pks.pkey_algo = "ecrdsa";
-		pks.encoding = "raw";
-		break;
-	case HASH_ALGO_SM3_256:
-		/* SM2 and SM3 should go together. */
-		pks.pkey_algo = "sm2";
-		pks.encoding = "raw";
-		break;
-	default:
-		pks.pkey_algo = "rsa";
+
+	pk = asymmetric_key_public_key(key);
+	pks.pkey_algo = pk->pkey_algo;
+	if (!strcmp(pk->pkey_algo, "rsa")) {
 		pks.encoding = "pkcs1";
-		break;
+	} else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) {
+		/* edcsa-nist-p192 etc. */
+		pks.encoding = "x962";
+	} else if (!strcmp(pk->pkey_algo, "ecrdsa") ||
+		   !strcmp(pk->pkey_algo, "sm2")) {
+		pks.encoding = "raw";
+	} else {
+		return -ENOPKG;
 	}
+
 	pks.digest = (u8 *)data;
 	pks.digest_size = datalen;
 	pks.s = hdr->sig;
-- 
1.8.3.1

[PATCH 5/5] ima: add support for rsa pss verification

[Hongbo Li]

From: Hongbo Li <herberthbli@tencent.com>

This patch adds support for ima verification for rsa with
pss encoding.

And a patch for ima-evm-utils will be sent later.

Signed-off-by: Hongbo Li <herberthbli@tencent.com>
---
 security/integrity/digsig_asymmetric.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 183f452..ef7a51a 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -85,6 +85,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 	struct public_key_signature pks;
 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
 	const struct public_key *pk;
+	struct public_key_signature *cert_sig;
 	struct key *key;
 	int ret;
 
@@ -110,7 +111,11 @@ int asymmetric_verify(struct key *keyring, const char *sig,
 	pk = asymmetric_key_public_key(key);
 	pks.pkey_algo = pk->pkey_algo;
 	if (!strcmp(pk->pkey_algo, "rsa")) {
-		pks.encoding = "pkcs1";
+		cert_sig = key->payload.data[asym_auth];
+		if (cert_sig)
+			pks.encoding = cert_sig->encoding;
+		else
+			pks.encoding = "pkcs1";
 	} else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) {
 		/* edcsa-nist-p192 etc. */
 		pks.encoding = "x962";
-- 
1.8.3.1

Re: [PATCH 1/5] x509: add support for rsa-pss

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 1975 bytes --]

Hi Hongbo,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on crypto/master]
[also build test ERROR on security/next-testing linus/master v5.12-rc6 next-20210406]
[cannot apply to cryptodev/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
base:   https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master
config: alpha-randconfig-p001-20210406 (attached as .config)
compiler: alpha-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/5aa0c74e8d4a650e359aec1790c35c2c26fb618f
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
        git checkout 5aa0c74e8d4a650e359aec1790c35c2c26fb618f
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=alpha 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

>> make[3]: *** No rule to make target 'crypto/asymmetric_keys/x509_rsapss_params.asn1.c', needed by 'crypto/asymmetric_keys/x509_rsapss_params.asn1.o'.
   make[3]: *** No rule to make target 'crypto/asymmetric_keys/x509_rsapss_params.asn1.h', needed by 'crypto/asymmetric_keys/x509_rsapss_params.asn1.o'.
   make[3]: Target '__build' not remade because of errors.

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31870 bytes --]

Re: [PATCH 1/5] x509: add support for rsa-pss

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 2014 bytes --]

Hi Hongbo,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on crypto/master]
[also build test ERROR on security/next-testing linus/master v5.12-rc6 next-20210406]
[cannot apply to cryptodev/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
base:   https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master
config: alpha-randconfig-p001-20210406 (attached as .config)
compiler: alpha-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/5aa0c74e8d4a650e359aec1790c35c2c26fb618f
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
        git checkout 5aa0c74e8d4a650e359aec1790c35c2c26fb618f
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=alpha 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

>> make[3]: *** No rule to make target 'crypto/asymmetric_keys/x509_rsapss_params.asn1.c', needed by 'crypto/asymmetric_keys/x509_rsapss_params.asn1.o'.
   make[3]: *** No rule to make target 'crypto/asymmetric_keys/x509_rsapss_params.asn1.h', needed by 'crypto/asymmetric_keys/x509_rsapss_params.asn1.o'.
   make[3]: Target '__build' not remade because of errors.

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 31870 bytes --]

Re: [PATCH 2/5] crypto: support rsa-pss encoding

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 11398 bytes --]

Hi Hongbo,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on crypto/master]
[also build test ERROR on security/next-testing linus/master v5.12-rc6 next-20210406]
[cannot apply to cryptodev/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
base:   https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master
config: m68k-defconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/951e694ffaeb62069494bc7bc94c296183f4ed49
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
        git checkout 951e694ffaeb62069494bc7bc94c296183f4ed49
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=m68k 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   make[2]: *** No rule to make target 'crypto//seqiv.o', needed by 'crypto//seqiv.mod'.
   make[2]: *** No rule to make target 'crypto//echainiv.o', needed by 'crypto//echainiv.mod'.
   make[2]: *** No rule to make target 'crypto//dh.o', needed by 'crypto//dh_generic.o'.
   make[2]: *** No rule to make target 'crypto//dh_helper.o', needed by 'crypto//dh_generic.o'.
   make[2]: *** No rule to make target 'crypto//rsapubkey.asn1.c', needed by 'crypto//rsapubkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsapubkey.asn1.h', needed by 'crypto//rsapubkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsaprivkey.asn1.c', needed by 'crypto//rsaprivkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsaprivkey.asn1.h', needed by 'crypto//rsaprivkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsapss_params.asn1.c', needed by 'crypto//rsapss_params.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsapss_params.asn1.h', needed by 'crypto//rsapss_params.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsa.o', needed by 'crypto//rsa_generic.o'.
   make[2]: *** No rule to make target 'crypto//rsa-pkcs1pad.o', needed by 'crypto//rsa_generic.o'.
>> make[2]: *** No rule to make target 'crypto//rsa-psspad.o', needed by 'crypto//rsa_generic.o'.
   make[2]: *** No rule to make target 'crypto//sm2signature.asn1.c', needed by 'crypto//sm2signature.asn1.o'.
   make[2]: *** No rule to make target 'crypto//sm2signature.asn1.h', needed by 'crypto//sm2signature.asn1.o'.
   make[2]: *** No rule to make target 'crypto//crypto_user_base.o', needed by 'crypto//crypto_user.o'.
   make[2]: *** No rule to make target 'crypto//cmac.o', needed by 'crypto//cmac.mod'.
   make[2]: *** No rule to make target 'crypto//hmac.o', needed by 'crypto//hmac.mod'.
   make[2]: *** No rule to make target 'crypto//vmac.o', needed by 'crypto//vmac.mod'.
   make[2]: *** No rule to make target 'crypto//md4.o', needed by 'crypto//md4.mod'.
   make[2]: *** No rule to make target 'crypto//md5.o', needed by 'crypto//md5.mod'.
   make[2]: *** No rule to make target 'crypto//rmd160.o', needed by 'crypto//rmd160.mod'.
   make[2]: *** No rule to make target 'crypto//sha1_generic.o', needed by 'crypto//sha1_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sha256_generic.o', needed by 'crypto//sha256_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sha512_generic.o', needed by 'crypto//sha512_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sha3_generic.o', needed by 'crypto//sha3_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sm3_generic.o', needed by 'crypto//sm3_generic.mod'.
   make[2]: *** No rule to make target 'crypto//streebog_generic.o', needed by 'crypto//streebog_generic.mod'.
   make[2]: *** No rule to make target 'crypto//wp512.o', needed by 'crypto//wp512.mod'.
   make[2]: *** No rule to make target 'crypto//blake2b_generic.o', needed by 'crypto//blake2b_generic.mod'.
   make[2]: *** No rule to make target 'crypto//blake2s_generic.o', needed by 'crypto//blake2s_generic.mod'.
   make[2]: *** No rule to make target 'crypto//gf128mul.o', needed by 'crypto//gf128mul.mod'.
   make[2]: *** No rule to make target 'crypto//ecb.o', needed by 'crypto//ecb.mod'.
   make[2]: *** No rule to make target 'crypto//cbc.o', needed by 'crypto//cbc.mod'.
   make[2]: *** No rule to make target 'crypto//cfb.o', needed by 'crypto//cfb.mod'.
   make[2]: *** No rule to make target 'crypto//cts.o', needed by 'crypto//cts.mod'.
   make[2]: *** No rule to make target 'crypto//lrw.o', needed by 'crypto//lrw.mod'.
   make[2]: *** No rule to make target 'crypto//xts.o', needed by 'crypto//xts.mod'.
   make[2]: *** No rule to make target 'crypto//ctr.o', needed by 'crypto//ctr.mod'.
   make[2]: *** No rule to make target 'crypto//keywrap.o', needed by 'crypto//keywrap.mod'.
   make[2]: *** No rule to make target 'crypto//adiantum.o', needed by 'crypto//adiantum.mod'.
   make[2]: *** No rule to make target 'crypto//nhpoly1305.o', needed by 'crypto//nhpoly1305.mod'.
   make[2]: *** No rule to make target 'crypto//gcm.o', needed by 'crypto//gcm.mod'.
   make[2]: *** No rule to make target 'crypto//ccm.o', needed by 'crypto//ccm.mod'.
   make[2]: *** No rule to make target 'crypto//chacha20poly1305.o', needed by 'crypto//chacha20poly1305.mod'.
   make[2]: *** No rule to make target 'crypto//aegis128-core.o', needed by 'crypto//aegis128.o'.
   make[2]: *** No rule to make target 'crypto//cryptd.o', needed by 'crypto//cryptd.mod'.
   make[2]: *** No rule to make target 'crypto//des_generic.o', needed by 'crypto//des_generic.mod'.
   make[2]: *** No rule to make target 'crypto//fcrypt.o', needed by 'crypto//fcrypt.mod'.
   make[2]: *** No rule to make target 'crypto//blowfish_generic.o', needed by 'crypto//blowfish_generic.mod'.
   make[2]: *** No rule to make target 'crypto//blowfish_common.o', needed by 'crypto//blowfish_common.mod'.
   make[2]: *** No rule to make target 'crypto//twofish_generic.o', needed by 'crypto//twofish_generic.mod'.
   make[2]: *** No rule to make target 'crypto//twofish_common.o', needed by 'crypto//twofish_common.mod'.
   make[2]: *** No rule to make target 'crypto//serpent_generic.o', needed by 'crypto//serpent_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sm4_generic.o', needed by 'crypto//sm4_generic.mod'.
   make[2]: *** No rule to make target 'crypto//aes_ti.o', needed by 'crypto//aes_ti.mod'.
   make[2]: *** No rule to make target 'crypto//camellia_generic.o', needed by 'crypto//camellia_generic.mod'.
   make[2]: *** No rule to make target 'crypto//cast_common.o', needed by 'crypto//cast_common.mod'.
   make[2]: *** No rule to make target 'crypto//cast5_generic.o', needed by 'crypto//cast5_generic.mod'.
   make[2]: *** No rule to make target 'crypto//cast6_generic.o', needed by 'crypto//cast6_generic.mod'.
   make[2]: *** No rule to make target 'crypto//arc4.o', needed by 'crypto//arc4.mod'.
   make[2]: *** No rule to make target 'crypto//tea.o', needed by 'crypto//tea.mod'.
   make[2]: *** No rule to make target 'crypto//khazad.o', needed by 'crypto//khazad.mod'.
   make[2]: *** No rule to make target 'crypto//anubis.o', needed by 'crypto//anubis.mod'.
   make[2]: *** No rule to make target 'crypto//seed.o', needed by 'crypto//seed.mod'.
   make[2]: *** No rule to make target 'crypto//chacha_generic.o', needed by 'crypto//chacha_generic.mod'.
   make[2]: *** No rule to make target 'crypto//poly1305_generic.o', needed by 'crypto//poly1305_generic.mod'.
   make[2]: *** No rule to make target 'crypto//deflate.o', needed by 'crypto//deflate.mod'.
   make[2]: *** No rule to make target 'crypto//michael_mic.o', needed by 'crypto//michael_mic.mod'.
   make[2]: *** No rule to make target 'crypto//authenc.o', needed by 'crypto//authenc.mod'.
   make[2]: *** No rule to make target 'crypto//authencesn.o', needed by 'crypto//authencesn.mod'.
   make[2]: *** No rule to make target 'crypto//lzo.o', needed by 'crypto//lzo.mod'.
   make[2]: *** No rule to make target 'crypto//lzo-rle.o', needed by 'crypto//lzo-rle.mod'.
   make[2]: *** No rule to make target 'crypto//lz4.o', needed by 'crypto//lz4.mod'.
   make[2]: *** No rule to make target 'crypto//lz4hc.o', needed by 'crypto//lz4hc.mod'.
   make[2]: *** No rule to make target 'crypto//xxhash_generic.o', needed by 'crypto//xxhash_generic.mod'.
   make[2]: *** No rule to make target 'crypto//842.o', needed by 'crypto//842.mod'.
   make[2]: *** No rule to make target 'crypto//ansi_cprng.o', needed by 'crypto//ansi_cprng.mod'.
   make[2]: *** No rule to make target 'crypto//drbg.o', needed by 'crypto//drbg.mod'.
   make[2]: *** No rule to make target 'crypto//jitterentropy.o', needed by 'crypto//jitterentropy_rng.o'.
   make[2]: *** No rule to make target 'crypto//jitterentropy-kcapi.o', needed by 'crypto//jitterentropy_rng.o'.
   make[2]: *** No rule to make target 'crypto//tcrypt.o', needed by 'crypto//tcrypt.mod'.
   make[2]: *** No rule to make target 'crypto//ghash-generic.o', needed by 'crypto//ghash-generic.mod'.
   make[2]: *** No rule to make target 'crypto//af_alg.o', needed by 'crypto//af_alg.mod'.
   make[2]: *** No rule to make target 'crypto//algif_hash.o', needed by 'crypto//algif_hash.mod'.
   make[2]: *** No rule to make target 'crypto//algif_skcipher.o', needed by 'crypto//algif_skcipher.mod'.
   make[2]: *** No rule to make target 'crypto//algif_rng.o', needed by 'crypto//algif_rng.mod'.
   make[2]: *** No rule to make target 'crypto//algif_aead.o', needed by 'crypto//algif_aead.mod'.
   make[2]: *** No rule to make target 'crypto//zstd.o', needed by 'crypto//zstd.mod'.
   make[2]: *** No rule to make target 'crypto//ofb.o', needed by 'crypto//ofb.mod'.
   make[2]: *** No rule to make target 'crypto//ecc.o', needed by 'crypto//ecc.mod'.
   make[2]: *** No rule to make target 'crypto//essiv.o', needed by 'crypto//essiv.mod'.
   make[2]: *** No rule to make target 'crypto//curve25519-generic.o', needed by 'crypto//curve25519-generic.mod'.
   make[2]: *** No rule to make target 'crypto//ecdh.o', needed by 'crypto//ecdh_generic.o'.
   make[2]: *** No rule to make target 'crypto//ecdh_helper.o', needed by 'crypto//ecdh_generic.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_params.asn1.h', needed by 'crypto//ecrdsa.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_pub_key.asn1.h', needed by 'crypto//ecrdsa.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_params.asn1.c', needed by 'crypto//ecrdsa_params.asn1.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_pub_key.asn1.c', needed by 'crypto//ecrdsa_pub_key.asn1.o'.
   make[2]: *** No rule to make target 'crypto//xor.o', needed by 'crypto//xor.mod'.
   make[2]: Target '__build' not remade because of errors.

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 17012 bytes --]

Re: [PATCH 2/5] crypto: support rsa-pss encoding

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 11535 bytes --]

Hi Hongbo,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on crypto/master]
[also build test ERROR on security/next-testing linus/master v5.12-rc6 next-20210406]
[cannot apply to cryptodev/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
base:   https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master
config: m68k-defconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/951e694ffaeb62069494bc7bc94c296183f4ed49
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Hongbo-Li/crypto-add-rsa-pss-support-for-x509/20210406-211503
        git checkout 951e694ffaeb62069494bc7bc94c296183f4ed49
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=m68k 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   make[2]: *** No rule to make target 'crypto//seqiv.o', needed by 'crypto//seqiv.mod'.
   make[2]: *** No rule to make target 'crypto//echainiv.o', needed by 'crypto//echainiv.mod'.
   make[2]: *** No rule to make target 'crypto//dh.o', needed by 'crypto//dh_generic.o'.
   make[2]: *** No rule to make target 'crypto//dh_helper.o', needed by 'crypto//dh_generic.o'.
   make[2]: *** No rule to make target 'crypto//rsapubkey.asn1.c', needed by 'crypto//rsapubkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsapubkey.asn1.h', needed by 'crypto//rsapubkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsaprivkey.asn1.c', needed by 'crypto//rsaprivkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsaprivkey.asn1.h', needed by 'crypto//rsaprivkey.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsapss_params.asn1.c', needed by 'crypto//rsapss_params.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsapss_params.asn1.h', needed by 'crypto//rsapss_params.asn1.o'.
   make[2]: *** No rule to make target 'crypto//rsa.o', needed by 'crypto//rsa_generic.o'.
   make[2]: *** No rule to make target 'crypto//rsa-pkcs1pad.o', needed by 'crypto//rsa_generic.o'.
>> make[2]: *** No rule to make target 'crypto//rsa-psspad.o', needed by 'crypto//rsa_generic.o'.
   make[2]: *** No rule to make target 'crypto//sm2signature.asn1.c', needed by 'crypto//sm2signature.asn1.o'.
   make[2]: *** No rule to make target 'crypto//sm2signature.asn1.h', needed by 'crypto//sm2signature.asn1.o'.
   make[2]: *** No rule to make target 'crypto//crypto_user_base.o', needed by 'crypto//crypto_user.o'.
   make[2]: *** No rule to make target 'crypto//cmac.o', needed by 'crypto//cmac.mod'.
   make[2]: *** No rule to make target 'crypto//hmac.o', needed by 'crypto//hmac.mod'.
   make[2]: *** No rule to make target 'crypto//vmac.o', needed by 'crypto//vmac.mod'.
   make[2]: *** No rule to make target 'crypto//md4.o', needed by 'crypto//md4.mod'.
   make[2]: *** No rule to make target 'crypto//md5.o', needed by 'crypto//md5.mod'.
   make[2]: *** No rule to make target 'crypto//rmd160.o', needed by 'crypto//rmd160.mod'.
   make[2]: *** No rule to make target 'crypto//sha1_generic.o', needed by 'crypto//sha1_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sha256_generic.o', needed by 'crypto//sha256_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sha512_generic.o', needed by 'crypto//sha512_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sha3_generic.o', needed by 'crypto//sha3_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sm3_generic.o', needed by 'crypto//sm3_generic.mod'.
   make[2]: *** No rule to make target 'crypto//streebog_generic.o', needed by 'crypto//streebog_generic.mod'.
   make[2]: *** No rule to make target 'crypto//wp512.o', needed by 'crypto//wp512.mod'.
   make[2]: *** No rule to make target 'crypto//blake2b_generic.o', needed by 'crypto//blake2b_generic.mod'.
   make[2]: *** No rule to make target 'crypto//blake2s_generic.o', needed by 'crypto//blake2s_generic.mod'.
   make[2]: *** No rule to make target 'crypto//gf128mul.o', needed by 'crypto//gf128mul.mod'.
   make[2]: *** No rule to make target 'crypto//ecb.o', needed by 'crypto//ecb.mod'.
   make[2]: *** No rule to make target 'crypto//cbc.o', needed by 'crypto//cbc.mod'.
   make[2]: *** No rule to make target 'crypto//cfb.o', needed by 'crypto//cfb.mod'.
   make[2]: *** No rule to make target 'crypto//cts.o', needed by 'crypto//cts.mod'.
   make[2]: *** No rule to make target 'crypto//lrw.o', needed by 'crypto//lrw.mod'.
   make[2]: *** No rule to make target 'crypto//xts.o', needed by 'crypto//xts.mod'.
   make[2]: *** No rule to make target 'crypto//ctr.o', needed by 'crypto//ctr.mod'.
   make[2]: *** No rule to make target 'crypto//keywrap.o', needed by 'crypto//keywrap.mod'.
   make[2]: *** No rule to make target 'crypto//adiantum.o', needed by 'crypto//adiantum.mod'.
   make[2]: *** No rule to make target 'crypto//nhpoly1305.o', needed by 'crypto//nhpoly1305.mod'.
   make[2]: *** No rule to make target 'crypto//gcm.o', needed by 'crypto//gcm.mod'.
   make[2]: *** No rule to make target 'crypto//ccm.o', needed by 'crypto//ccm.mod'.
   make[2]: *** No rule to make target 'crypto//chacha20poly1305.o', needed by 'crypto//chacha20poly1305.mod'.
   make[2]: *** No rule to make target 'crypto//aegis128-core.o', needed by 'crypto//aegis128.o'.
   make[2]: *** No rule to make target 'crypto//cryptd.o', needed by 'crypto//cryptd.mod'.
   make[2]: *** No rule to make target 'crypto//des_generic.o', needed by 'crypto//des_generic.mod'.
   make[2]: *** No rule to make target 'crypto//fcrypt.o', needed by 'crypto//fcrypt.mod'.
   make[2]: *** No rule to make target 'crypto//blowfish_generic.o', needed by 'crypto//blowfish_generic.mod'.
   make[2]: *** No rule to make target 'crypto//blowfish_common.o', needed by 'crypto//blowfish_common.mod'.
   make[2]: *** No rule to make target 'crypto//twofish_generic.o', needed by 'crypto//twofish_generic.mod'.
   make[2]: *** No rule to make target 'crypto//twofish_common.o', needed by 'crypto//twofish_common.mod'.
   make[2]: *** No rule to make target 'crypto//serpent_generic.o', needed by 'crypto//serpent_generic.mod'.
   make[2]: *** No rule to make target 'crypto//sm4_generic.o', needed by 'crypto//sm4_generic.mod'.
   make[2]: *** No rule to make target 'crypto//aes_ti.o', needed by 'crypto//aes_ti.mod'.
   make[2]: *** No rule to make target 'crypto//camellia_generic.o', needed by 'crypto//camellia_generic.mod'.
   make[2]: *** No rule to make target 'crypto//cast_common.o', needed by 'crypto//cast_common.mod'.
   make[2]: *** No rule to make target 'crypto//cast5_generic.o', needed by 'crypto//cast5_generic.mod'.
   make[2]: *** No rule to make target 'crypto//cast6_generic.o', needed by 'crypto//cast6_generic.mod'.
   make[2]: *** No rule to make target 'crypto//arc4.o', needed by 'crypto//arc4.mod'.
   make[2]: *** No rule to make target 'crypto//tea.o', needed by 'crypto//tea.mod'.
   make[2]: *** No rule to make target 'crypto//khazad.o', needed by 'crypto//khazad.mod'.
   make[2]: *** No rule to make target 'crypto//anubis.o', needed by 'crypto//anubis.mod'.
   make[2]: *** No rule to make target 'crypto//seed.o', needed by 'crypto//seed.mod'.
   make[2]: *** No rule to make target 'crypto//chacha_generic.o', needed by 'crypto//chacha_generic.mod'.
   make[2]: *** No rule to make target 'crypto//poly1305_generic.o', needed by 'crypto//poly1305_generic.mod'.
   make[2]: *** No rule to make target 'crypto//deflate.o', needed by 'crypto//deflate.mod'.
   make[2]: *** No rule to make target 'crypto//michael_mic.o', needed by 'crypto//michael_mic.mod'.
   make[2]: *** No rule to make target 'crypto//authenc.o', needed by 'crypto//authenc.mod'.
   make[2]: *** No rule to make target 'crypto//authencesn.o', needed by 'crypto//authencesn.mod'.
   make[2]: *** No rule to make target 'crypto//lzo.o', needed by 'crypto//lzo.mod'.
   make[2]: *** No rule to make target 'crypto//lzo-rle.o', needed by 'crypto//lzo-rle.mod'.
   make[2]: *** No rule to make target 'crypto//lz4.o', needed by 'crypto//lz4.mod'.
   make[2]: *** No rule to make target 'crypto//lz4hc.o', needed by 'crypto//lz4hc.mod'.
   make[2]: *** No rule to make target 'crypto//xxhash_generic.o', needed by 'crypto//xxhash_generic.mod'.
   make[2]: *** No rule to make target 'crypto//842.o', needed by 'crypto//842.mod'.
   make[2]: *** No rule to make target 'crypto//ansi_cprng.o', needed by 'crypto//ansi_cprng.mod'.
   make[2]: *** No rule to make target 'crypto//drbg.o', needed by 'crypto//drbg.mod'.
   make[2]: *** No rule to make target 'crypto//jitterentropy.o', needed by 'crypto//jitterentropy_rng.o'.
   make[2]: *** No rule to make target 'crypto//jitterentropy-kcapi.o', needed by 'crypto//jitterentropy_rng.o'.
   make[2]: *** No rule to make target 'crypto//tcrypt.o', needed by 'crypto//tcrypt.mod'.
   make[2]: *** No rule to make target 'crypto//ghash-generic.o', needed by 'crypto//ghash-generic.mod'.
   make[2]: *** No rule to make target 'crypto//af_alg.o', needed by 'crypto//af_alg.mod'.
   make[2]: *** No rule to make target 'crypto//algif_hash.o', needed by 'crypto//algif_hash.mod'.
   make[2]: *** No rule to make target 'crypto//algif_skcipher.o', needed by 'crypto//algif_skcipher.mod'.
   make[2]: *** No rule to make target 'crypto//algif_rng.o', needed by 'crypto//algif_rng.mod'.
   make[2]: *** No rule to make target 'crypto//algif_aead.o', needed by 'crypto//algif_aead.mod'.
   make[2]: *** No rule to make target 'crypto//zstd.o', needed by 'crypto//zstd.mod'.
   make[2]: *** No rule to make target 'crypto//ofb.o', needed by 'crypto//ofb.mod'.
   make[2]: *** No rule to make target 'crypto//ecc.o', needed by 'crypto//ecc.mod'.
   make[2]: *** No rule to make target 'crypto//essiv.o', needed by 'crypto//essiv.mod'.
   make[2]: *** No rule to make target 'crypto//curve25519-generic.o', needed by 'crypto//curve25519-generic.mod'.
   make[2]: *** No rule to make target 'crypto//ecdh.o', needed by 'crypto//ecdh_generic.o'.
   make[2]: *** No rule to make target 'crypto//ecdh_helper.o', needed by 'crypto//ecdh_generic.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_params.asn1.h', needed by 'crypto//ecrdsa.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_pub_key.asn1.h', needed by 'crypto//ecrdsa.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_params.asn1.c', needed by 'crypto//ecrdsa_params.asn1.o'.
   make[2]: *** No rule to make target 'crypto//ecrdsa_pub_key.asn1.c', needed by 'crypto//ecrdsa_pub_key.asn1.o'.
   make[2]: *** No rule to make target 'crypto//xor.o', needed by 'crypto//xor.mod'.
   make[2]: Target '__build' not remade because of errors.

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 17012 bytes --]

Re: [PATCH 0/5] crypto: add rsa pss support for x509

[Jarkko Sakkinen]

On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote:
> From: Hongbo Li <herberthbli@tencent.com>
> 
> This series of patches adds support for x509 cert signed by RSA
> with PSS encoding method. RSA PSS is described in rfc8017.

Please also briefly describe it here AND also provide link to the
RFC. In the way this currently is, it is too time consuming to
review the patch set.

/Jarkko

> 
> This series of patches adds support for x509 cert signed by RSA
> with PSS encoding method. RSA PSS is described in rfc8017.
> 
> Patch1 make x509 support rsa pss algo and parse hash parameter.
> 
> Patch2 add rsa pss template.
> 
> Patch3 add test vector for rsa pss.
> 
> Patch4 is the ecdsa ima patch borrowed from Stefan Berge's ecdsa
>        patch series, rsa-pss's ima patch is made on top of this patch.
> 
> Patch5 is the rsa-pss's ima patch.
> 
> Test by the following script, it tests different saltlen, hash, mgfhash.
> 
> keyctl newring test @u
> 
> while :; do
>     for modbits in 1024 2048 4096; do
> 	if [ $modbits -eq 1024 ]; then
> 	    saltlen=(-1 -2 0 20 32 48 64 94)
> 	elif [ $modbits -eq 2048 ]; then
> 	    saltlen=(-1 -2 0 20 32 48 64 222)
> 	else
> 	    saltlen=(-1 -2 0 20 32 48 64 478)
> 	fi
> 
> 	for slen in ${saltlen[@]}; do
> 	    for hash in sha1 sha224 sha256 sha384 sha512; do
> 		for mgfhash in sha1 sha224 sha256 sha384 sha512; do
> 		    certfile="cert.der"
> 		    echo slen $slen
> 		    openssl req \
> 			    -x509 \
> 			    -${hash} \
> 			    -newkey rsa:$modbits \
> 			    -keyout key.pem \
> 			    -days 365 \
> 			    -subj '/CN=test' \
> 			    -nodes \
> 			    -sigopt rsa_padding_mode:pss \
> 			    -sigopt rsa_mgf1_md:$mgfhash \
> 			    -sigopt rsa_pss_saltlen:${slen} \
> 			    -outform der \
> 			    -out ${certfile} 2>/dev/null
> 
> 		    exp=0
> 		    id=$(keyctl padd asymmetric testkey %keyring:test < "${certfile}")
> 		    rc=$?
> 		    if [ $rc -ne $exp ]; then
> 			case "$exp" in
> 			    0) echo "Error: Could not load rsa-pss certificate!";;
> 			esac
> 			echo "modbits $modbits sha: $hash mgfhash $mgfhash saltlen: $slen"
> 			exit 1
> 		    else
> 			case "$rc" in
> 			    0) echo "load cert: keyid: $id modbits $modbits hash: $hash mgfhash $mgfhash saltlen $slen"
> 			esac
> 		    fi
> 		done
> 	    done
> 	done
>     done
> done
> 
> Hongbo Li (5):
>   x509: add support for rsa-pss
>   crypto: support rsa-pss encoding
>   crypto: add rsa pss test vector
>   crypto: ecdsa ima support
>   ima: add support for rsa pss verification
> 
>  crypto/Makefile                           |   7 +-
>  crypto/asymmetric_keys/Makefile           |   7 +-
>  crypto/asymmetric_keys/public_key.c       |   5 ++
>  crypto/asymmetric_keys/x509_cert_parser.c |  71 ++++++++++++++++-
>  crypto/rsa.c                              |  14 ++--
>  crypto/rsa_helper.c                       | 127 ++++++++++++++++++++++++++++++
>  crypto/testmgr.c                          |   7 ++
>  crypto/testmgr.h                          |  87 ++++++++++++++++++++
>  include/crypto/internal/rsa.h             |  25 +++++-
>  include/keys/asymmetric-type.h            |   6 ++
>  include/linux/oid_registry.h              |   2 +
>  security/integrity/digsig_asymmetric.c    |  34 ++++----
>  12 files changed, 363 insertions(+), 29 deletions(-)
> 
> -- 
> 1.8.3.1
> 
> 

Re: [PATCH 0/5] crypto: add rsa pss support for x509(Internet mail)

[herberthbli(李弘博)]

在 2021/4/7 16:38, Jarkko Sakkinen 写道:
> On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote:
>> From: Hongbo Li <herberthbli@tencent.com>
>>
>> This series of patches adds support for x509 cert signed by RSA
>> with PSS encoding method. RSA PSS is described in rfc8017.
> Please also briefly describe it here AND also provide link to the
> RFC. In the way this currently is, it is too time consuming to
> review the patch set.
>
> /Jarkko

Thanks, will add that in the following patches.


>> This series of patches adds support for x509 cert signed by RSA
>> with PSS encoding method. RSA PSS is described in rfc8017.
>>
>> Patch1 make x509 support rsa pss algo and parse hash parameter.
>>
>> Patch2 add rsa pss template.
>>
>> Patch3 add test vector for rsa pss.
>>
>> Patch4 is the ecdsa ima patch borrowed from Stefan Berge's ecdsa
>>        patch series, rsa-pss's ima patch is made on top of this patch.
>>
>> Patch5 is the rsa-pss's ima patch.
>>
>> Test by the following script, it tests different saltlen, hash, mgfhash.
>>
>> keyctl newring test @u
>>
>> while :; do
>>     for modbits in 1024 2048 4096; do
>> 	if [ $modbits -eq 1024 ]; then
>> 	    saltlen=(-1 -2 0 20 32 48 64 94)
>> 	elif [ $modbits -eq 2048 ]; then
>> 	    saltlen=(-1 -2 0 20 32 48 64 222)
>> 	else
>> 	    saltlen=(-1 -2 0 20 32 48 64 478)
>> 	fi
>>
>> 	for slen in ${saltlen[@]}; do
>> 	    for hash in sha1 sha224 sha256 sha384 sha512; do
>> 		for mgfhash in sha1 sha224 sha256 sha384 sha512; do
>> 		    certfile="cert.der"
>> 		    echo slen $slen
>> 		    openssl req \
>> 			    -x509 \
>> 			    -${hash} \
>> 			    -newkey rsa:$modbits \
>> 			    -keyout key.pem \
>> 			    -days 365 \
>> 			    -subj '/CN=test' \
>> 			    -nodes \
>> 			    -sigopt rsa_padding_mode:pss \
>> 			    -sigopt rsa_mgf1_md:$mgfhash \
>> 			    -sigopt rsa_pss_saltlen:${slen} \
>> 			    -outform der \
>> 			    -out ${certfile} 2>/dev/null
>>
>> 		    exp=0
>> 		    id=$(keyctl padd asymmetric testkey %keyring:test < "${certfile}")
>> 		    rc=$?
>> 		    if [ $rc -ne $exp ]; then
>> 			case "$exp" in
>> 			    0) echo "Error: Could not load rsa-pss certificate!";;
>> 			esac
>> 			echo "modbits $modbits sha: $hash mgfhash $mgfhash saltlen: $slen"
>> 			exit 1
>> 		    else
>> 			case "$rc" in
>> 			    0) echo "load cert: keyid: $id modbits $modbits hash: $hash mgfhash $mgfhash saltlen $slen"
>> 			esac
>> 		    fi
>> 		done
>> 	    done
>> 	done
>>     done
>> done
>>
>> Hongbo Li (5):
>>   x509: add support for rsa-pss
>>   crypto: support rsa-pss encoding
>>   crypto: add rsa pss test vector
>>   crypto: ecdsa ima support
>>   ima: add support for rsa pss verification
>>
>>  crypto/Makefile                           |   7 +-
>>  crypto/asymmetric_keys/Makefile           |   7 +-
>>  crypto/asymmetric_keys/public_key.c       |   5 ++
>>  crypto/asymmetric_keys/x509_cert_parser.c |  71 ++++++++++++++++-
>>  crypto/rsa.c                              |  14 ++--
>>  crypto/rsa_helper.c                       | 127 ++++++++++++++++++++++++++++++
>>  crypto/testmgr.c                          |   7 ++
>>  crypto/testmgr.h                          |  87 ++++++++++++++++++++
>>  include/crypto/internal/rsa.h             |  25 +++++-
>>  include/keys/asymmetric-type.h            |   6 ++
>>  include/linux/oid_registry.h              |   2 +
>>  security/integrity/digsig_asymmetric.c    |  34 ++++----
>>  12 files changed, 363 insertions(+), 29 deletions(-)
>>
>> -- 
>> 1.8.3.1
>>
>>
>