mbox series

[v4,0/4] crypto: add rsa pss support for x509

Message ID 1617802906-30513-1-git-send-email-herbert.tencent@gmail.com
Headers show
Series crypto: add rsa pss support for x509 | expand

Message

Hongbo Li April 7, 2021, 1:41 p.m. UTC
From: Hongbo Li <herberthbli@tencent.com>

This series of patches add support for x509 cert signed by RSA
with PSS encoding method which is described in RFC8017 [1].

According to RFC8017, there're two encoding methods for signing and
verification. One is PKCS1-v1_5 which is already supported by linux,
the other one is PSS which is not supported by linux yet.

Patch1 make x509 support rsa pss encoding. Because the hash algo used
        by x509_get_sig_params() is in the asn1 "RSASSA-PSS-params"[2],
        we need to parse it at x509 layer, and could ignore other params.

Patch2 adds rsa pss template. It will parse pss related params [2], such as
        mgfhash and saltlen. Then do the rsa-pss verification according
        to RFC8017 section [3] and [4]. The mgf function is according to
        section [5].

Patch3 adds test vector for rsa pss.

Patch4 is the rsa-pss's ima patch. Also a rsa-pss patch for ima-evm-utils
        has been sent. So we could use rsa-pss for ima.

Test by the following script, it tests different saltlen, hash, mgfhash.

keyctl newring test @u

while :; do
    for modbits in 1024 2048 4096; do
        if [ $modbits -eq 1024 ]; then
            saltlen=(-1 -2 0 20 32 48 64 94)
        elif [ $modbits -eq 2048 ]; then
            saltlen=(-1 -2 0 20 32 48 64 222)
        else
            saltlen=(-1 -2 0 20 32 48 64 478)
        fi

        for slen in ${saltlen[@]}; do
            for hash in sha1 sha224 sha256 sha384 sha512; do
                for mgfhash in sha1 sha224 sha256 sha384 sha512; do
                    certfile="cert.der"
                    echo slen $slen
                    openssl req \
                            -x509 \
                            -${hash} \
                            -newkey rsa:$modbits \
                            -keyout key.pem \
                            -days 365 \
                            -subj '/CN=test' \
                            -nodes \
                            -sigopt rsa_padding_mode:pss \
                            -sigopt rsa_mgf1_md:$mgfhash \
                            -sigopt rsa_pss_saltlen:${slen} \
                            -outform der \
                            -out ${certfile} 2>/dev/null

                    exp=0
                    id=$(keyctl padd asymmetric testkey %keyring:test < "${certfile}")
                    rc=$?
                    if [ $rc -ne $exp ]; then
                        case "$exp" in
                            0) echo "Error: Could not load rsa-pss certificate!";;
                        esac
                        echo "modbits $modbits sha: $hash mgfhash $mgfhash saltlen: $slen"
                        exit 1
                    else
                        case "$rc" in
                            0) echo "load cert: keyid: $id modbits $modbits hash: $hash mgfhash $mgfhash saltlen $slen"
                        esac
                    fi
                done
            done
        done
    done
done

Best Regards

Hongbo

[1] https://tools.ietf.org/html/rfc8017#section-9.1
[2] https://tools.ietf.org/html/rfc8017#appendix-A.2.3
[3] https://tools.ietf.org/html/rfc8017#section-8.1.2
[4] https://tools.ietf.org/html/rfc8017#section-9.1.2
[5] https://tools.ietf.org/html/rfc8017#appendix-B.2.1

v3->v4:
  -add RFC link, and more description of the patches

v2->v3:
  -add the crypto/rsa-psspad.c which is missed in previous patch

v1->v2:
  -rebase patches to cryptodev/master to fix the issues that
   reported-by: kernel test robot <lkp@intel.com>

Hongbo Li (4):
  x509: add support for rsa-pss
  crypto: support rsa-pss encoding
  crypto: add rsa pss test vector
  ima: add support for rsa pss verification

 crypto/Makefile                                |   7 +-
 crypto/asymmetric_keys/Makefile                |   7 +-
 crypto/asymmetric_keys/public_key.c            |   5 +
 crypto/asymmetric_keys/x509_cert_parser.c      |  71 ++++-
 crypto/asymmetric_keys/x509_rsapss_params.asn1 |  19 ++
 crypto/rsa-psspad.c                            | 398 +++++++++++++++++++++++++
 crypto/rsa.c                                   |  14 +-
 crypto/rsa_helper.c                            | 127 ++++++++
 crypto/rsapss_params.asn1                      |  21 ++
 crypto/testmgr.c                               |   7 +
 crypto/testmgr.h                               |  90 ++++++
 include/crypto/internal/rsa.h                  |  25 +-
 include/linux/oid_registry.h                   |   2 +
 security/integrity/digsig_asymmetric.c         |  18 +-
 14 files changed, 791 insertions(+), 20 deletions(-)
 create mode 100644 crypto/asymmetric_keys/x509_rsapss_params.asn1
 create mode 100644 crypto/rsa-psspad.c
 create mode 100644 crypto/rsapss_params.asn1