From: Dimitri John Ledkov
Date: Tue, 12 Dec 2023 20:11:13 +0000
Subject: Re: [PATCH] kmod: Add FIPS 202 SHA-3 support
To: Lucas De Marchi
Cc: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org

On Wed, 6 Dec 2023 at 15:26, Lucas De Marchi wrote:
>
> On Sun, Oct 22, 2023 at 07:09:28PM +0100, Dimitri John Ledkov wrote:
> >Add support for parsing FIPS 202 SHA-3 signature hashes. Separately,
> >it is not clear why explicit hashes are re-encoded here, instead of
> >trying to generically show any digest openssl supports.
> >
> >Signed-off-by: Dimitri John Ledkov

NACK

> >--- > > libkmod/libkmod-signature.c | 12 ++++++++++++ > > 1 file changed, 12 insertions(+) > > > >diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c > >index b749a818f9..a39059cd7c 100644 > >--- a/libkmod/libkmod-signature.c > >+++ b/libkmod/libkmod-signature.c > >@@ -57,6 +57,9 @@ enum pkey_hash_algo { > > PKEY_HASH_SHA512, > > PKEY_HASH_SHA224, > > PKEY_HASH_SM3, > >+ PKEY_HASH_SHA3_256, > >+ PKEY_HASH_SHA3_384, > >+ PKEY_HASH_SHA3_512, > > PKEY_HASH__LAST > > }; > > > >@@ -70,6 +73,9 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > > [PKEY_HASH_SHA512] = "sha512", > > [PKEY_HASH_SHA224] = "sha224", > > [PKEY_HASH_SM3] = "sm3", > >+ [PKEY_HASH_SHA3_256] = "sha3-256", > >+ [PKEY_HASH_SHA3_384] = "sha3-384", > >+ [PKEY_HASH_SHA3_512] = "sha3-512", > > }; > > > > enum pkey_id_type {
> >@@ -167,6 +173,12 @@ static int obj_to_hash_algo(const ASN1_OBJECT *o) > > case NID_sm3: > > return PKEY_HASH_SM3; > > # endif > >+ case NID_sha3_256: > >+ return PKEY_HASH_SHA3_256; > >+ case NID_sha3_384: > >+ return PKEY_HASH_SHA3_384; > >+ case NID_sha3_512: > >+ return PKEY_HASH_SHA3_512;
>
> with your other patch, libkmod: remove pkcs7 obj_to_hash_algo(), this
> hunk is not needed anymore. Do you want to send a new version of this
> patch?

This patch is no longer required, given that
https://lore.kernel.org/all/20231029010319.157390-1-dimitri.ledkov@canonical.com/
is applied. Upgrade kmod to the one that has at least that patch
applied, and then pkcs7 signatures are parsed correctly with everything
that a runtime OpenSSL supports. Thus if you want to see SHA3
signatures, ensure your runtime libssl has SHA3 support.

>
> thanks
> Lucas De Marchi
>
> > default: > > return -1; > > } > >-- > >2.34.1 > > > >

--
Dimitri

Sent from Ubuntu Pro
https://ubuntu.com/pro
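
Review bot: In the first hunk (enum pkey_hash_algo), the subject promises "FIPS 202 SHA-3 support" but only PKEY_HASH_SHA3_256, PKEY_HASH_SHA3_384 and PKEY_HASH_SHA3_512 are added, although FIPS 202 also defines SHA3-224 and the existing list already carries PKEY_HASH_SHA224. The commit message should say why SHA3-224 is left out, or the patch should add it consistently in the enum, the name table and the NID switch.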
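
Review bot: In the second hunk, pkey_hash_algo[] is sized by PKEY_HASH__LAST and filled with designated initializers, so an enumerator added to the enum without a matching entry here leaves a NULL slot and nothing in the visible code catches it. The three new entries are complete, but since this table now has to be extended by hand for every digest, a compile-time check that every index below PKEY_HASH__LAST has a string would be worth adding alongside it.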
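
Review bot: In the obj_to_hash_algo() hunk, the three NID_sha3_* cases are placed after the "# endif" that closes the conditional around "case NID_sm3:", so they are compiled unconditionally. If the SM3 guard is there because some supported OpenSSL builds do not define that NID, the same question applies to NID_sha3_256, NID_sha3_384 and NID_sha3_512: either guard them the same way or state the minimum OpenSSL version in the commit message. Any digest that still falls through to "default: return -1;" stays unrecognised, which is the limitation of a fixed switch that the commit message itself raises.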