Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp864658pxf;
        Wed, 7 Apr 2021 13:37:21 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxRiWqNRd8ims3PL5fUmXr+d2Iv9k+P+ETg7WuVZMVNlpm7oph0N89HFpq8LPPZTCHbQ/OD
X-Received: by 2002:a05:6402:4405:: with SMTP id y5mr6893349eda.32.1617827840963;
        Wed, 07 Apr 2021 13:37:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617827840; cv=none;
        d=google.com; s=arc-20160816;
        b=t+tWRm7BhVAno7jetyqnRAON3jlDT91LXi1V58wiXndcafZb7H0E7Ix7jS/IbqCABU
         qJ2RcjhukCMxko6FUsliv9SPycxUejSN6nrThSYwBolw1F2oAYBC16ozK0idUKDQH38M
         qCaC+2c2WcqGRlpJSvlyIel+9zbBlfM2VuyPLn/ZFq4PUVVCleMAh3+HTQgNjtec6o1Y
         JULyJZgFey30qVUeSMd+H1m0zqEL5DK5C6VvQxVhCdC/XQq8PTiE4ZB1Q3lBu7T3UbA6
         KGZ+4o0q9E0G/DRHJgUGWMCjJ05rmG3zvYI44PfPV+JdZ4IVsGzHGxrdvMUOQ9TpTff0
         KUcg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:content-transfer-encoding
         :content-language:accept-language:references:message-id:date
         :thread-index:thread-topic:subject:cc:to:from:dkim-signature;
        bh=Ozo87mw53QFg1iVoD3oCi/CesyNw/0TDyE/ALteW+DI=;
        b=pG5yUdBVXw6howcNNHPMo/FJFNgM0q4sPTI2Lz6ns0Kme5XHD2d8CBpSMwA1zqMaqT
         1huJK70S69y+SiLpYY4TcFXlHJn51DClQKKuUfYcEU9CVbMbKRZDTidKCyldbPP09g90
         0ZiLviEtC3I5PktDVOoQCD6T0D8uK61yzY2LWlDNeUGm1UZsawlvwFwtnu/NtwzlUAb1
         XAwqhrHpty+Q50Vr2HPqcSs9zoFLJQKZo4D6GzuGSR+1x0iPhMxrVw7SUurITVAg7GdA
         7/U8bOSgOTFWx7oNrNvTWF81XiuXNb3we2V675Kt2HYEWBW+un0HlAXIpfOfxTMvrOki
         ho5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@tencent.com header.s=s202002 header.b=AugilU0y;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=tencent.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ka24si19813493ejc.64.2021.04.07.13.36.57;
        Wed, 07 Apr 2021 13:37:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@tencent.com header.s=s202002 header.b=AugilU0y;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=tencent.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1349706AbhDGJA2 (ORCPT <rfc822;dave.gstir+lkml@gmail.com>
        + 99 others); Wed, 7 Apr 2021 05:00:28 -0400
Received: from mail4.tencent.com ([183.57.53.109]:33402 "EHLO
        mail4.tencent.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233848AbhDGJA0 (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 7 Apr 2021 05:00:26 -0400
X-Greylist: delayed 331 seconds by postgrey-1.27 at vger.kernel.org; Wed, 07 Apr 2021 05:00:24 EDT
Received: from EX-SZ018.tencent.com (unknown [10.28.6.39])
        by mail4.tencent.com (Postfix) with ESMTP id AAED0C603A;
        Wed,  7 Apr 2021 16:54:39 +0800 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tencent.com;
        s=s202002; t=1617785679;
        bh=wLcs5HJdPsEd0/IyfrDDCKbFAHmSbXPOqJcaEwkWK3E=;
        h=From:To:CC:Subject:Date:References;
        b=AugilU0ymKTimol2k6kO2rdx5e2VYD3PeWsrHSBjZ005D0JaJZjxaqBeFMq8/CSXc
         Xu8+EyJd26vbVFxm/FAL/X8m5W5VD63abI4C7GT9ObhKwM1OQaRXyZELEX1z1cPAII
         LNS0As8ZCRwOwhmmEukv0fzXTwmCJAg006ge1Yos=
Received: from EX-SZ013.tencent.com (10.28.6.37) by EX-SZ018.tencent.com
 (10.28.6.39) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Wed, 7 Apr 2021
 16:54:39 +0800
Received: from EX-SZ003.tencent.com (10.28.6.15) by EX-SZ013.tencent.com
 (10.28.6.37) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Wed, 7 Apr 2021
 16:54:39 +0800
Received: from EX-SZ003.tencent.com ([fe80::d568:905c:3bcd:8f1f]) by
 EX-SZ003.tencent.com ([fe80::d568:905c:3bcd:8f1f%12]) with mapi id
 15.01.2106.013; Wed, 7 Apr 2021 16:54:39 +0800
From:   =?iso-2022-jp?B?aGVyYmVydGhibGkoGyRCTXs5MEduGyhCKQ==?= 
        <herberthbli@tencent.com>
To:     Jarkko Sakkinen <jarkko@kernel.org>,
        Hongbo Li <herbert.tencent@gmail.com>
CC:     "keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
        "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
        "herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
        "dhowells@redhat.com" <dhowells@redhat.com>,
        "zohar@linux.ibm.com" <zohar@linux.ibm.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-integrity@vger.kernel.org" <linux-integrity@vger.kernel.org>
Subject: Re: [PATCH 0/5] crypto: add rsa pss support for x509(Internet mail)
Thread-Topic: [PATCH 0/5] crypto: add rsa pss support for x509(Internet mail)
Thread-Index: AQHXKuZ2jiQgEg4HGkWw/fvJB5257A==
Date:   Wed, 7 Apr 2021 08:54:39 +0000
Message-ID: <0115cbd5a3154e8d868e98d564eba997@tencent.com>
References: <1617714686-25754-1-git-send-email-herbert.tencent@gmail.com>
 <YG1vakmzanwPGsvU@kernel.org>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.14.87.198]
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

=1B$B:_=1B(B 2021/4/7 16:38, Jarkko Sakkinen =1B$B<LF;=1B(B:=0A=
> On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote:=0A=
>> From: Hongbo Li <herberthbli@tencent.com>=0A=
>>=0A=
>> This series of patches adds support for x509 cert signed by RSA=0A=
>> with PSS encoding method. RSA PSS is described in rfc8017.=0A=
> Please also briefly describe it here AND also provide link to the=0A=
> RFC. In the way this currently is, it is too time consuming to=0A=
> review the patch set.=0A=
>=0A=
> /Jarkko=0A=
=0A=
Thanks, will add that in the following patches.=0A=
=0A=
=0A=
>> This series of patches adds support for x509 cert signed by RSA=0A=
>> with PSS encoding method. RSA PSS is described in rfc8017.=0A=
>>=0A=
>> Patch1 make x509 support rsa pss algo and parse hash parameter.=0A=
>>=0A=
>> Patch2 add rsa pss template.=0A=
>>=0A=
>> Patch3 add test vector for rsa pss.=0A=
>>=0A=
>> Patch4 is the ecdsa ima patch borrowed from Stefan Berge's ecdsa=0A=
>>        patch series, rsa-pss's ima patch is made on top of this patch.=
=0A=
>>=0A=
>> Patch5 is the rsa-pss's ima patch.=0A=
>>=0A=
>> Test by the following script, it tests different saltlen, hash, mgfhash.=
=0A=
>>=0A=
>> keyctl newring test @u=0A=
>>=0A=
>> while :; do=0A=
>>     for modbits in 1024 2048 4096; do=0A=
>> 	if [ $modbits -eq 1024 ]; then=0A=
>> 	    saltlen=3D(-1 -2 0 20 32 48 64 94)=0A=
>> 	elif [ $modbits -eq 2048 ]; then=0A=
>> 	    saltlen=3D(-1 -2 0 20 32 48 64 222)=0A=
>> 	else=0A=
>> 	    saltlen=3D(-1 -2 0 20 32 48 64 478)=0A=
>> 	fi=0A=
>>=0A=
>> 	for slen in ${saltlen[@]}; do=0A=
>> 	    for hash in sha1 sha224 sha256 sha384 sha512; do=0A=
>> 		for mgfhash in sha1 sha224 sha256 sha384 sha512; do=0A=
>> 		    certfile=3D"cert.der"=0A=
>> 		    echo slen $slen=0A=
>> 		    openssl req \=0A=
>> 			    -x509 \=0A=
>> 			    -${hash} \=0A=
>> 			    -newkey rsa:$modbits \=0A=
>> 			    -keyout key.pem \=0A=
>> 			    -days 365 \=0A=
>> 			    -subj '/CN=3Dtest' \=0A=
>> 			    -nodes \=0A=
>> 			    -sigopt rsa_padding_mode:pss \=0A=
>> 			    -sigopt rsa_mgf1_md:$mgfhash \=0A=
>> 			    -sigopt rsa_pss_saltlen:${slen} \=0A=
>> 			    -outform der \=0A=
>> 			    -out ${certfile} 2>/dev/null=0A=
>>=0A=
>> 		    exp=3D0=0A=
>> 		    id=3D$(keyctl padd asymmetric testkey %keyring:test < "${certfile}=
")=0A=
>> 		    rc=3D$?=0A=
>> 		    if [ $rc -ne $exp ]; then=0A=
>> 			case "$exp" in=0A=
>> 			    0) echo "Error: Could not load rsa-pss certificate!";;=0A=
>> 			esac=0A=
>> 			echo "modbits $modbits sha: $hash mgfhash $mgfhash saltlen: $slen"=0A=
>> 			exit 1=0A=
>> 		    else=0A=
>> 			case "$rc" in=0A=
>> 			    0) echo "load cert: keyid: $id modbits $modbits hash: $hash mgfha=
sh $mgfhash saltlen $slen"=0A=
>> 			esac=0A=
>> 		    fi=0A=
>> 		done=0A=
>> 	    done=0A=
>> 	done=0A=
>>     done=0A=
>> done=0A=
>>=0A=
>> Hongbo Li (5):=0A=
>>   x509: add support for rsa-pss=0A=
>>   crypto: support rsa-pss encoding=0A=
>>   crypto: add rsa pss test vector=0A=
>>   crypto: ecdsa ima support=0A=
>>   ima: add support for rsa pss verification=0A=
>>=0A=
>>  crypto/Makefile                           |   7 +-=0A=
>>  crypto/asymmetric_keys/Makefile           |   7 +-=0A=
>>  crypto/asymmetric_keys/public_key.c       |   5 ++=0A=
>>  crypto/asymmetric_keys/x509_cert_parser.c |  71 ++++++++++++++++-=0A=
>>  crypto/rsa.c                              |  14 ++--=0A=
>>  crypto/rsa_helper.c                       | 127 +++++++++++++++++++++++=
+++++++=0A=
>>  crypto/testmgr.c                          |   7 ++=0A=
>>  crypto/testmgr.h                          |  87 ++++++++++++++++++++=0A=
>>  include/crypto/internal/rsa.h             |  25 +++++-=0A=
>>  include/keys/asymmetric-type.h            |   6 ++=0A=
>>  include/linux/oid_registry.h              |   2 +=0A=
>>  security/integrity/digsig_asymmetric.c    |  34 ++++----=0A=
>>  12 files changed, 363 insertions(+), 29 deletions(-)=0A=
>>=0A=
>> -- =0A=
>> 1.8.3.1=0A=
>>=0A=
>>=0A=
>=0A=
=0A=