RSA signature verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Herbert,

I work on kernel RSA verification for IMA/EVM.

Currently I have a patch which provides "direct" API like ksign_verify()
to get signature verified.
I was thinking about doing it via crypto interface as usual but for now
I have done it directly.
I have found some very old (5y) patches where someone tried to have it
as kind of hash API.
update(), update(), final...

As RSA, in contrast to hash, has like sign/verify operations.
For the kernel there is only verify.

Snippet from the code:

-----------------------------------------------------------------------
    desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
               GFP_KERNEL);
    if (!desc)
        goto err;

    desc->tfm = shash;
    desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;

    crypto_shash_init(desc);
    crypto_shash_update(desc, digest, digestlen);
    crypto_shash_update(desc, sig, sizeof(*sh));
    crypto_shash_final(desc, h);

    kfree(desc);

    /* pass signature mpis address */
    err = ksign_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
                 h, sizeof(h));

-----------------------------------------------------------------------

So hash is calculated which is then verified against
signature.

Do you think it make sense to have it as a crypto "algo"
What kind of API you would have in mind?

Thanks,
Dmitry

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux