在 2021/4/7 16:38, Jarkko Sakkinen 写道: > On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote: >> From: Hongbo Li <herberthbli@xxxxxxxxxxx> >> >> This series of patches adds support for x509 cert signed by RSA >> with PSS encoding method. RSA PSS is described in rfc8017. > Please also briefly describe it here AND also provide link to the > RFC. In the way this currently is, it is too time consuming to > review the patch set. > > /Jarkko Thanks, will add that in the following patches. >> This series of patches adds support for x509 cert signed by RSA >> with PSS encoding method. RSA PSS is described in rfc8017. >> >> Patch1 make x509 support rsa pss algo and parse hash parameter. >> >> Patch2 add rsa pss template. >> >> Patch3 add test vector for rsa pss. >> >> Patch4 is the ecdsa ima patch borrowed from Stefan Berge's ecdsa >> patch series, rsa-pss's ima patch is made on top of this patch. >> >> Patch5 is the rsa-pss's ima patch. >> >> Test by the following script, it tests different saltlen, hash, mgfhash. >> >> keyctl newring test @u >> >> while :; do >> for modbits in 1024 2048 4096; do >> if [ $modbits -eq 1024 ]; then >> saltlen=(-1 -2 0 20 32 48 64 94) >> elif [ $modbits -eq 2048 ]; then >> saltlen=(-1 -2 0 20 32 48 64 222) >> else >> saltlen=(-1 -2 0 20 32 48 64 478) >> fi >> >> for slen in ${saltlen[@]}; do >> for hash in sha1 sha224 sha256 sha384 sha512; do >> for mgfhash in sha1 sha224 sha256 sha384 sha512; do >> certfile="cert.der" >> echo slen $slen >> openssl req \ >> -x509 \ >> -${hash} \ >> -newkey rsa:$modbits \ >> -keyout key.pem \ >> -days 365 \ >> -subj '/CN=test' \ >> -nodes \ >> -sigopt rsa_padding_mode:pss \ >> -sigopt rsa_mgf1_md:$mgfhash \ >> -sigopt rsa_pss_saltlen:${slen} \ >> -outform der \ >> -out ${certfile} 2>/dev/null >> >> exp=0 >> id=$(keyctl padd asymmetric testkey %keyring:test < "${certfile}") >> rc=$? >> if [ $rc -ne $exp ]; then >> case "$exp" in >> 0) echo "Error: Could not load rsa-pss certificate!";; >> esac >> echo "modbits $modbits sha: $hash mgfhash $mgfhash saltlen: $slen" >> exit 1 >> else >> case "$rc" in >> 0) echo "load cert: keyid: $id modbits $modbits hash: $hash mgfhash $mgfhash saltlen $slen" >> esac >> fi >> done >> done >> done >> done >> done >> >> Hongbo Li (5): >> x509: add support for rsa-pss >> crypto: support rsa-pss encoding >> crypto: add rsa pss test vector >> crypto: ecdsa ima support >> ima: add support for rsa pss verification >> >> crypto/Makefile | 7 +- >> crypto/asymmetric_keys/Makefile | 7 +- >> crypto/asymmetric_keys/public_key.c | 5 ++ >> crypto/asymmetric_keys/x509_cert_parser.c | 71 ++++++++++++++++- >> crypto/rsa.c | 14 ++-- >> crypto/rsa_helper.c | 127 ++++++++++++++++++++++++++++++ >> crypto/testmgr.c | 7 ++ >> crypto/testmgr.h | 87 ++++++++++++++++++++ >> include/crypto/internal/rsa.h | 25 +++++- >> include/keys/asymmetric-type.h | 6 ++ >> include/linux/oid_registry.h | 2 + >> security/integrity/digsig_asymmetric.c | 34 ++++---- >> 12 files changed, 363 insertions(+), 29 deletions(-) >> >> -- >> 1.8.3.1 >> >> >