Hello Varad, I also made an implementation of rsa pss: "[PATCH v3 0/4] crypto: add rsa pss support for x509". I notice your patches and did some review, find the following differences between our patches: 1. You rework the rsa pad framework. This is reasonable. 2. You did some changes on the keyctl and asymmetric struct. I don't see the reason. Because for x509 layer, it only need to know the hash param, and could ignore other params(salt len, mgfhash). Let rsa-pss itself parse the pss related params. So it seems we don't need to change asymmetric's common struct. 3. Why reject the cert whose MGF is different from the hash function used for signature generation? My implementation could support different hashes, so don't get your point. 4. I add a test vector and a patch to support using rsa-pss for iam. 5. Other implementation difference, i.e. the mgf and verify functions. Maybe we could merge our patches, what's your opinion? Best regards Hongbo Varad Gautam <varad.gautam@xxxxxxxx> 于2021年3月31日周三 上午4:31写道: > > An X.509 wrapper for a RSASSA-PSS signature contains additional > signature parameters over the PKCSv.15 encoding scheme. Extend the > x509 parser to allow parsing RSASSA-PSS encoded certificates, with > the defaults taken from RFC8017. > > A certificate is rejected if the hash function used for the MGF is > different from the hash function used for signature generation, > although this is allowed in RFC8017. > > References: https://tools.ietf.org/html/rfc8017#appendix-C > Signed-off-by: Varad Gautam <varad.gautam@xxxxxxxx> > --- > crypto/asymmetric_keys/Makefile | 5 +- > crypto/asymmetric_keys/x509_cert_parser.c | 152 ++++++++++++++++++++++ > crypto/asymmetric_keys/x509_rsassa.asn1 | 17 +++ > include/crypto/public_key.h | 4 + > include/linux/oid_registry.h | 3 + > 5 files changed, 180 insertions(+), 1 deletion(-) > create mode 100644 crypto/asymmetric_keys/x509_rsassa.asn1 >