Re: [Query] RSA SHA-384 signature verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2020-06-16 at 07:03:28 +0200, Stephan Mueller wrote:
> Am Dienstag, 16. Juni 2020, 05:56:04 CEST schrieb Anshuman Gupta:
> 
> Hi Anshuman,
> 
> > On 2020-06-15 at 21:25:58 +0200, Stephan Mueller wrote:
> > > Am Montag, 15. Juni 2020, 19:04:14 CEST schrieb Anshuman Gupta:
> > > 
> > > Hi Anshuman,
> > > 
> > > > Hi ,
> > > > I wanted to verify a RSA SHA-384 signature.
> > > > I am using crypto_alloc_shash(), crypto_shash_digest() API to extract
> > > > the SHA-384 digest.
> > > > I am having public key along with the sha-384 digest extracted from raw
> > > > data and signature. AFAIU understand from crypto documentation that i
> > > > need to verify the signature by importing public key to
> > > > akcipher/skcipher API. Here i am not sure which cipher API to prefer
> > > > symmetric key cipher or asymmetric key cipher API.
> > > > 
> > > > There are two types of API to import the key.
> > > > crypto_skcipher_setkey()
> > > > crypto_akcipher_set_pub_key()
> > > > 
> > > > Also i am not sure exactly which algo to use for RSA-SHA384 signature
> > > > verification.
> > > > 
> > > > Any help or inputs from crypto community will highly appreciated.
> > > 
> > > akcipher: asymmetric key crypto
> > > 
> > > skcipher: symmetric key crypto
> > 
> > Many thanks for your input, based upon your inputs i should use
> > akcipher.
> > Actually tried to grep crypto_akcipher_set_pub_key() but there are not any
> > usages of this API in Linux drivers.
> > What is the preferred method to verify a RSA signature inside any Linux
> > GPL driver, is there any standard interface API to verify RSA signature
> > by importing input of raw data and public key or else
> > it is recommended method to use below set low level of API
> > crypto_alloc_akcipher(), akcipher_request_alloc(),
> > akcipher_request_set_crypt(), crypto_akcipher_verify().
> 
> You can use that API directly or you can go through the intermediary of the 
> crypto/asymmetric_keys API. One use case is the kernel signature verification 
> as implemented in kernel/module_signing.c
Thanks Stephan :)
> 
> > Thanks,
> > Anshuman.
> > 
> > > > Thanks ,
> > > > Anshuman Gupta.
> > > 
> > > Ciao
> > > Stephan
> 
> 
> Ciao
> Stephan
> 
>
[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux