On Tue May 14, 2024 at 5:36 AM EEST, Joachim Vandersmissen wrote:
> On 5/13/24 3:26 PM, Jarkko Sakkinen wrote:
> > On Mon May 13, 2024 at 7:55 AM EEST, Joachim Vandersmissen wrote:
> >> + pkcs7 = pkcs7_parse_message(sig, sig_len);
> >> + if (IS_ERR(pkcs7))
> >> + panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);
> > Off-topic: wondering if Linux had similar helpers for PKCS#1 padding
> > (and if not, are they difficult to add)?
> PKCS#7 here refers to the message container format, rather than the
> padding. Internally, the PKCS#1 v1.5 padding scheme will be used (see
> software_key_determine_akcipher). Unless you are referring to PSS
> padding (also defined in PKCS#1)?

I think it should be PKCS#1 v1.5 padding as described in RFC 8017 [1] but
just for doing step 5:

https://www.rfc-editor.org/rfc/rfc8017#section-9.2.

This is for refreshing this old patch:

https://lore.kernel.org/all/20200518172704.29608-18-prestwoj@xxxxxxxxx/

I asked James if he could refresh it and one of the remarks was that
there are duplicate snippets with:

https://elixir.bootlin.com/linux/v6.9-rc6/source/crypto/rsa-pkcs1pad.c

But now that I look at this padding is not the issue here, but it is the
duplicate digest_info instances.

James has this construct in the old patch:

static const struct asn1_template {
	const char *name;
	const u8 *data;
	size_t size;
} asn1_templates[] = {
#define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
	_(md5),
	_(sha1),
	_(rmd160),
	_(sha256),
	_(sha384),
	_(sha512),
	_(sha224),
	{ NULL }
#undef _
};

static const struct asn1_template *lookup_asn1(const char *name)
{
	const struct asn1_template *p;

	for (p = asn1_templates; p->name; p++)
		if (strcmp(name, p->name) == 0)
			return p;
	return NULL;
}

Looking at this the very first thing I spot is that the last field is
redundant so let's scrape that away. I neither get why use u8* instead
of struct digest_info * so let's switch to that.

So with those substitutions, renaming and a bit of polishing (but not
yet compiling ;-)) this is what I end up with:

static const struct digest_info_mapping {
	char *name;
	struct digest_info *info;
} digest_info_map[] = {
#define _(X) { #X, digest_info_##X, }
	_(md5),
	_(sha1),
	_(rmd160),
	_(sha256),
	_(sha384),
	_(sha512),
	_(sha224),
	{ NULL }
#undef _
};

/**
 * find_digest_info() - Find digest info by the hash name
 * @name:	hash name
 *
 * Returns the digest info on success, and NULL on failure.
 */
struct digest_info *find_digest_info(const char *name)
{
	const struct digest_info_mapping *mapping;
	int i;

	/* The table is terminated by an entry whose name is NULL. */
	for (i = 0; digest_info_map[i].name != NULL; i++) {
		mapping = &digest_info_map[i];
		if (!strcmp(name, mapping->name))
			return mapping->info;
	}

	return NULL;
}
EXPORT_SYMBOL_GPL(find_digest_info);

The instances live in rsa-pkcs1pad.c so it is the most trivial place to
add this.

BR, Jarkko
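
Review bot: in the quoted selftest hunk, the panic() under IS_ERR(pkcs7) prints ret, but none of the three added lines assigns ret from the failed parse, so the message can report a stale value rather than the parse error. Pass PTR_ERR(pkcs7) for the %d argument instead (cast to int, since PTR_ERR() returns long).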
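
The name-to-DigestInfo lookup and step 5 of RFC 8017 section 9.2 discussed in this message, as an added userspace C example that is not code from the mail, the old patch or the kernel. The names digest_entry, digest_table, lookup_digest and emsa_pkcs1_v15_encode are hypothetical, and only SHA-1 and SHA-256 are included.

```c
/* Added illustration in userspace C; all names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER DigestInfo prefixes from RFC 8017 section 9.2, note 1. */
static const uint8_t di_sha1[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
	0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const uint8_t di_sha256[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
	0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

static const struct digest_entry {
	const char *name;
	const uint8_t *der;
	size_t der_len, hash_len;
} digest_table[] = {
	{ "sha1", di_sha1, sizeof(di_sha1), 20 },
	{ "sha256", di_sha256, sizeof(di_sha256), 32 },
	{ NULL, NULL, 0, 0 }
};

static const struct digest_entry *lookup_digest(const char *name)
{
	const struct digest_entry *p;
	for (p = digest_table; p->name; p++)
		if (strcmp(name, p->name) == 0)
			return p;
	return NULL;
}

/* Step 5: EM = 0x00 || 0x01 || PS || 0x00 || T. hash must hold hash_len bytes. */
int emsa_pkcs1_v15_encode(const char *name, const uint8_t *hash,
			  uint8_t *em, size_t em_len)
{
	const struct digest_entry *di = lookup_digest(name);
	size_t t_len, ps_len;
	if (!di)
		return -1;	/* unknown hash name */
	t_len = di->der_len + di->hash_len;	/* T = DigestInfo prefix || hash */
	if (em_len < t_len + 11)
		return -2;	/* PS must be at least 8 bytes of 0xff */
	ps_len = em_len - t_len - 3;
	em[0] = 0x00; em[1] = 0x01;
	memset(em + 2, 0xff, ps_len);
	em[2 + ps_len] = 0x00;
	memcpy(em + 3 + ps_len, di->der, di->der_len);
	memcpy(em + 3 + ps_len + di->der_len, hash, di->hash_len);
	return 0;
}
```
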