Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp375444ybt; Wed, 17 Jun 2020 03:20:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwKorPvq3lyIrrVrn8XMBkCx8aV15ZXMthPD/z5MYAskvu3L/kcV88hj/7YDwJGSRxpKk2C X-Received: by 2002:a05:6402:1592:: with SMTP id c18mr6991295edv.40.1592389233405; Wed, 17 Jun 2020 03:20:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592389233; cv=none; d=google.com; s=arc-20160816; b=cTIcA2BReL8+ISU8gjjx/2tPUc8RkZy1yEYIu5Mdt15NspN2PCQYWZbbH+VhAXiY0z y56D1/okh85sYWirtTDFRB8fXqNK+2a7Y+Px0cAGJPnpSN5UGifHDL/3jixejCsIKpB5 VWzL5+unxgOhGkcBjqTbDH7mveSGC3bourdgayf2YepBFDqRgz9xu1Obvaq/iqViQDRs u84j5M+AiuwHfULgDTDzDjjiGlEbafbaMu9HH04vC9D2YF0enbhgfyMn3B82f+/0/g+V Tw67zTqNu5DSzym2rPyuJjf8wx2Z1qWU1iBvWWqEvpDDP7dg4OMk7Rg4+MauKcqDn3Yk /z3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=3jSj2HF/a6boza0tLsMYZfH/AWKXSUGwPVTFdfk1NuM=; b=hx6EjRrxpvOuyUD0R+7zdcJ+CWEOW6a2OTDZ7/m6Q6rakTxyQoA7R3A+09gKIag6fV HBe6tE/RT6TrYfhgV7h1WA+p+HtF68nTZzckEkKqGEFgnW36ytXggKfxn7iGc8F4HKHV Vqy2vTSR4ANQCejWSL91We445JzKSa9xrFlEsOC/U1+gPNTka0FdnPUxu/Z69SEvPV+W t0G3RLjp8Z4qTfve7/7bszmHaCMdrWvFruigefCO6fAYHNGadfbluDaeWXiT66NnRqrb kfKFeCC9dtqiB2l7JcCBgu2Ek2PdG5EUADfz5xYral3yUAwzNX53g5660OnvhRpkFPDW YdlA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o25si12585340eja.361.2020.06.17.03.19.58; Wed, 17 Jun 2020 03:20:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726134AbgFQKTy (ORCPT + 99 others); Wed, 17 Jun 2020 06:19:54 -0400 Received: from mga11.intel.com ([192.55.52.93]:36103 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725967AbgFQKTx (ORCPT ); Wed, 17 Jun 2020 06:19:53 -0400 IronPort-SDR: IQa4HZp6RM4au2o30ucrJqnv6PktUKaT0Vr9DFAjDODgVpzkGqEuG+33j5MG4OQ3yWThjwEuvv GVwaj6GU614A== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jun 2020 03:19:53 -0700 IronPort-SDR: 0PzzQQ7JshR4LKNt8drek/c5E036z27Fn8SBHg8wbndmFrd/E2M+EgjaEW5ytznQCjMmpapKp0 9S2/whNh/pJw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,522,1583222400"; d="scan'208";a="262517253" Received: from unknown (HELO intel.com) ([10.223.74.178]) by orsmga007.jf.intel.com with ESMTP; 17 Jun 2020 03:19:52 -0700 Date: Wed, 17 Jun 2020 15:39:16 +0530 From: Anshuman Gupta To: Stephan Mueller Cc: linux-crypto@vger.kernel.org Subject: Re: [Query] RSA SHA-384 signature verification Message-ID: <20200617100916.GL14085@intel.com> References: <20200615170413.GF14085@intel.com> <1730161.mygNopSbl3@tauon.chronox.de> <20200616035603.GG14085@intel.com> <13970611.Hd4P73xESc@tauon.chronox.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <13970611.Hd4P73xESc@tauon.chronox.de> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 2020-06-16 at 07:03:28 +0200, Stephan Mueller wrote: > Am Dienstag, 16. Juni 2020, 05:56:04 CEST schrieb Anshuman Gupta: > > Hi Anshuman, > > > On 2020-06-15 at 21:25:58 +0200, Stephan Mueller wrote: > > > Am Montag, 15. Juni 2020, 19:04:14 CEST schrieb Anshuman Gupta: > > > > > > Hi Anshuman, > > > > > > > Hi , > > > > I wanted to verify a RSA SHA-384 signature. > > > > I am using crypto_alloc_shash(), crypto_shash_digest() API to extract > > > > the SHA-384 digest. > > > > I am having public key along with the sha-384 digest extracted from raw > > > > data and signature. AFAIU understand from crypto documentation that i > > > > need to verify the signature by importing public key to > > > > akcipher/skcipher API. Here i am not sure which cipher API to prefer > > > > symmetric key cipher or asymmetric key cipher API. > > > > > > > > There are two types of API to import the key. > > > > crypto_skcipher_setkey() > > > > crypto_akcipher_set_pub_key() > > > > > > > > Also i am not sure exactly which algo to use for RSA-SHA384 signature > > > > verification. > > > > > > > > Any help or inputs from crypto community will highly appreciated. > > > > > > akcipher: asymmetric key crypto > > > > > > skcipher: symmetric key crypto > > > > Many thanks for your input, based upon your inputs i should use > > akcipher. > > Actually tried to grep crypto_akcipher_set_pub_key() but there are not any > > usages of this API in Linux drivers. > > What is the preferred method to verify a RSA signature inside any Linux > > GPL driver, is there any standard interface API to verify RSA signature > > by importing input of raw data and public key or else > > it is recommended method to use below set low level of API > > crypto_alloc_akcipher(), akcipher_request_alloc(), > > akcipher_request_set_crypt(), crypto_akcipher_verify(). > > You can use that API directly or you can go through the intermediary of the > crypto/asymmetric_keys API. One use case is the kernel signature verification > as implemented in kernel/module_signing.c Thanks Stephan :) > > > Thanks, > > Anshuman. > > > > > > Thanks , > > > > Anshuman Gupta. > > > > > > Ciao > > > Stephan > > > Ciao > Stephan > >