From patchwork Sun Oct 22 18:22:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 156581 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp882335vqx; Sun, 22 Oct 2023 11:22:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFWfkDBInZrG0ADgPEqMzMAF1vWzvdy+clpckzCHxgmmkCstzcTeDbeax4tEhC/asLC+zk5 X-Received: by 2002:a54:400c:0:b0:3ad:f6ad:b9d2 with SMTP id x12-20020a54400c000000b003adf6adb9d2mr8185152oie.16.1697998970512; Sun, 22 Oct 2023 11:22:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697998970; cv=none; d=google.com; s=arc-20160816; b=AWnRV7B3idnZQCZfPW6O9L1sGxiC387FaUjZ+yr9UXYyOTplK+PCrI+07vZcV+ceEU ATOkQCBBXgSMPs1wSUicFXjWUv9QvLT1m+FrI1hOT/NWKNIoeeWYI3BdM8C97l1rlw77 99npaiDKoGpA6B9QGqRvQdl3CfedvzT9ib/epDNsf4ch1oraHRTmAFkmp6Cx1uHeUPi4 tcw/eG0byEggTyp9eBSuiQKPnAEfe9d49ckbPssUYWvsC8qofxy3QzWShNajeorNb1RJ NLqgIicYe4pKo6Dn1mRTWrpC/229hhXM0+nYmQSsRiU4QVA8xVnk9POaHzFX+3E/k3CL co0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=75g1uVytfAfB4G7pprF2u0HAHdd4i0yuLNQrH1gJqY8=; fh=JF9Ldl7gJTeNGvUjc/qCvrMOTCGrVIUkYKa6ThyV7aA=; b=ImNDmkGO1FapPq8z4ue6eewxuo/MeMUqHTxjzJGGT/wKxKLI7cEsYqC0+TMUMEe0q3 AFSN0hROmY4oM5ab07OMCqAyeq+w0FvfAc0c/2mmIsnjC1Y1DYpuPTYR49Tllz72kns2 mKXWSPDouT4tMMKiMdomuGFlPEQ3MmbxLjrETf4GNsPzaHSxoFwY8iv11BiqjJde5U9G /v8H+kBrtPqOOT4Pw24blVt8t0W9gehbJfmuDxEKB1rtU7K7cD8WQCesNCZ7AbiOcO89 U8ZrBmqnEIaDfNALmKuClhdhDQ2veOTWAUDH0oIYMxbnzG4+ugXf5NTjd1d3wWrb76PH Lj4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=N4IVO7+6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id o5-20020a656a45000000b00578af609d05si5368966pgu.244.2023.10.22.11.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=N4IVO7+6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 60EDE8092C84; Sun, 22 Oct 2023 11:22:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232330AbjJVSWd (ORCPT + 27 others); Sun, 22 Oct 2023 14:22:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47896 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232336AbjJVSWb (ORCPT ); Sun, 22 Oct 2023 14:22:31 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0DF44126 for ; Sun, 22 Oct 2023 11:22:28 -0700 (PDT) Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 7534E3FA76 for ; Sun, 22 Oct 2023 18:22:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1697998947; bh=75g1uVytfAfB4G7pprF2u0HAHdd4i0yuLNQrH1gJqY8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=N4IVO7+6AVmBRHPpXKRjRyempzYd1AbHJ4ht+LsTdIZpY8QBsm88ClY8GSQLVZDJ4 5Qx4uWw3GtkAwzkEjlvDblS3Wr+WRE7DXR/wJ1jHwyWFd7CYdk7C7S7ebA3LQTVLKC yl9bFsX433d7+eFqlysP198UYILkqUOJrToYs/Dng881suFfJbPBRKi9PRB2iwtwrl 1DfR3Emg5V3x2JmIqx/uhd8r/nd7XUtYpdgJS2QbD1Q9zRWlyP/f36dE+tbbJKNy4c U2PospZBVkGVHw7j7dqHYlwFPE6WENCYrftLfgMdjzA4NL6glBG0HKcJrMSziIDPwW mL44wHM7D2Aww== Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-408534c3ec7so12511995e9.1 for ; Sun, 22 Oct 2023 11:22:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697998946; x=1698603746; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=75g1uVytfAfB4G7pprF2u0HAHdd4i0yuLNQrH1gJqY8=; b=kG+m3XAWSw8ciJ/XMcrBtsqzOhsCnCyyqvaQnbAwnvKldytnuMW3ZnfUeqI0NKL4xj JWSYNyheznBYXwxy85QdV3+jpExu5PAjqcwUvyvayxzhAtfA/QBmOCgRIeAvZPEISG/i f8g0xNHgIktJJPxs1HWCPtBJlXEGNk/Kn+bVVrpPd0Kro2Em87xm56O1ObqExH3kiSRn vfYNqdZzL+c+m2EXT2/bGZdHMfqZGH6xrshnrTmGwoS1slfSKBQYD6Hd6cV0T2843asp wSlMvJex3NnpMW1Kt0lLR3Q2pzKsuIxv19tX4NkjY67ejY4k1sG5cRrN8SDB9oTSkJAC wPTQ== X-Gm-Message-State: AOJu0Yxc5CUJYv30sIOG/jngTDuah19omzSSKcgue1Qj6ZBXJ/4p86zi DXIeZBVXwweskRP3X4mg90RH76z2kGdTk72WdmyqA8xKxOr+Sl6YtTIBja2jizYRL0CKLPW2M6Q OrHoVJ4Rj4z+Shjy8sszwq2zAE4A4RejY2LxWtnfNAnYeIJOAjw== X-Received: by 2002:adf:eb46:0:b0:319:6997:942e with SMTP id u6-20020adfeb46000000b003196997942emr4867520wrn.8.1697998946469; Sun, 22 Oct 2023 11:22:26 -0700 (PDT) X-Received: by 2002:adf:eb46:0:b0:319:6997:942e with SMTP id u6-20020adfeb46000000b003196997942emr4867511wrn.8.1697998946101; Sun, 22 Oct 2023 11:22:26 -0700 (PDT) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id f10-20020adff98a000000b0031aef72a021sm6091289wrr.86.2023.10.22.11.22.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:25 -0700 (PDT) From: Dimitri John Ledkov To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/6] x509: Add OIDs for FIPS 202 SHA-3 hash and signatures Date: Sun, 22 Oct 2023 19:22:03 +0100 Message-Id: <20231022182208.188714-2-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231022182208.188714-1-dimitri.ledkov@canonical.com> References: <20231022182208.188714-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Sun, 22 Oct 2023 11:22:45 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780480968687817133 X-GMAIL-MSGID: 1780480968687817133 Add OID for FIPS 202 SHA-3 family of hash functions, RSA & ECDSA signatures using those. Limit to 256 or larger sizes, for interoperability reasons. 224 is too weak for any practical uses. Signed-off-by: Dimitri John Ledkov --- include/linux/oid_registry.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h index 8b79e55cfc..3921fbed0b 100644 --- a/include/linux/oid_registry.h +++ b/include/linux/oid_registry.h @@ -129,6 +129,17 @@ enum OID { OID_TPMImportableKey, /* 2.23.133.10.1.4 */ OID_TPMSealedData, /* 2.23.133.10.1.5 */ + /* CSOR FIPS-202 SHA-3 */ + OID_sha3_256, /* 2.16.840.1.101.3.4.2.8 */ + OID_sha3_384, /* 2.16.840.1.101.3.4.2.9 */ + OID_sha3_512, /* 2.16.840.1.101.3.4.2.10 */ + OID_id_ecdsa_with_sha3_256, /* 2.16.840.1.101.3.4.3.10 */ + OID_id_ecdsa_with_sha3_384, /* 2.16.840.1.101.3.4.3.11 */ + OID_id_ecdsa_with_sha3_512, /* 2.16.840.1.101.3.4.3.12 */ + OID_id_rsassa_pkcs1_v1_5_with_sha3_256, /* 2.16.840.1.101.3.4.3.14 */ + OID_id_rsassa_pkcs1_v1_5_with_sha3_384, /* 2.16.840.1.101.3.4.3.15 */ + OID_id_rsassa_pkcs1_v1_5_with_sha3_512, /* 2.16.840.1.101.3.4.3.16 */ + OID__NR }; From patchwork Sun Oct 22 18:22:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 156582 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp882391vqx; Sun, 22 Oct 2023 11:22:58 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEIULQ7NfZZsXmLC3D7sbaSF7AwUiqyWyCgyoRXCj7OdiLVhjUZsKu0bRMqO0NHOOFDlyQ4 X-Received: by 2002:a05:6808:31a:b0:3ad:f3e6:670c with SMTP id i26-20020a056808031a00b003adf3e6670cmr8065996oie.48.1697998978462; Sun, 22 Oct 2023 11:22:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697998978; cv=none; d=google.com; s=arc-20160816; b=KBtAl3Sfoh0uUuS9AT7BD3ZZAWQ220AxETliik8nFtjhbYanzW7fX40sMr18NSLu83 X8mhuFHb+ImCiAyZW2FXNMvWt6Mas2WX8KLO4Eaysm8y/dySyHYvI9V+BygcDLIwd/E2 u/ZwyAUFAceAANLGJLShwDi/bYq6+HP37is1UIh73bT5AKrM58aPGmqBHwdDrbWgMZGw +K/AVqxkuYKkg1E7vhqjqKk+OV1A9Ntb7NDjT8cmi7bPlx10o723ZHbJ0ocXqqk29VP7 olVwPJHpIjqKnZTT+gb/CU1pco288A26qScbkhACBRTxNmjLgGfN8MwPM1oCxyT2Hyhe HSiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=v25xpGQ1lcp0WolL3qlcYpnQcJP+olpr2/Zrc8cdKEA=; fh=LKl0N6RWNnrAKX0L7JVu79bsgk4A+vraFYgV6QU3+HY=; b=jGlobgYYwzDi7XkmdlhRLXXAk6F5aHKeiZK/SAE42b73cnAtn8RUlp0HVDNEKOz/4W pZT+U+Mo/ST8b0PtOkAxBPmubeVWp3XCnpcYhF4kOSbA6IzsxnytIbIjQPja0GiVHJrc YRZ3mMkf8mQJdcAeIoBcy1uQbsyFkDK1qwmijY4R/oIqtPyQb5kJVIEDVYHIrYOyRSgS OAdZjsmmVG3w6mtWAGqmyAqc4A9IoIyW3SxuQhgS2Z1cxkUPbbSINDIjDbMxbv4g+8kS eEI9I2FcpEDLHasjvDTedYaEhMgmmlCS74GK0H8QeH4SngyvMWdGVjLZmIgWIN2O5cnR C4Mg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=PFgajOYF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id w25-20020a637b19000000b005b02d7bb426si5000024pgc.282.2023.10.22.11.22.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=PFgajOYF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id A89DA80A8B78; Sun, 22 Oct 2023 11:22:53 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232336AbjJVSWl (ORCPT + 27 others); Sun, 22 Oct 2023 14:22:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48036 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232347AbjJVSWi (ORCPT ); Sun, 22 Oct 2023 14:22:38 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F681126 for ; Sun, 22 Oct 2023 11:22:36 -0700 (PDT) Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 0A3FE3FA6A for ; Sun, 22 Oct 2023 18:22:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1697998955; bh=v25xpGQ1lcp0WolL3qlcYpnQcJP+olpr2/Zrc8cdKEA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=PFgajOYFJj7SnhTbzmYxzlrpb/jF6FM9z0twH3/HkUtRHXTqVJERDbUPvC25hUovV ynVP3pjbsjeqIuUNkWn6m6Bgfgxn+KmJDuJYJMFSoFxjWTbd2wfeaMEwfNqfX/LRz+ ZEvJO0Kan7dI8NfDWvGfz7FCmYXSda6KKkENBDbYQ2dbKnk2rNM28GOPX8l/sEfJLQ PhVYlyCJkrGsX8UPVB53CPiehG8GSy+NzGC0Lkli1RsZ6mMDh+zdcUdi/W7D/3W2GU QM2FlFf9XfZjvvUduupPqLBciuhFti95Flxb/u8LigG6wy5Ie4x0J7NxwubehA52Md yCL2kLN1SsyIA== Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-4090181eec2so1519745e9.1 for ; Sun, 22 Oct 2023 11:22:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697998954; x=1698603754; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v25xpGQ1lcp0WolL3qlcYpnQcJP+olpr2/Zrc8cdKEA=; b=kNbHQqGdZ27j0xN0P0WK+UnqFoCZ3T8vatts6+lvF7kT4ehhe0Mj5SkOV0SNAFoyLP HpkQNd+lrSXB+NyRq7HGrzmMu4v8MrWWhk/1+TYe0zhvTjdRTrQytNI+dggIP7N4aBe9 sJFo3rT10O/Ya8a7KXlKeSPpDNVz5NiYzPHOukRowQt77anIfSFals32tXLo7YE0dbkP /FEWBFv6KrsHgkQldbN7yvTkCQdQbcDGikBN8UKXV4wEVqzefmGyFUZuQr2158GsElu+ 4fjyl1vwXo0GEXnMRnRzFgJsLF1c/Iq5nINAV+sYK8RGYe00IDYed7JntSk4JF3+OxsE S/RA== X-Gm-Message-State: AOJu0YwhuIW6vrEoGcRi4x1McDEwAHR3H68oC0jWAzyuZh62o+C2XYrJ ngy4SeplvLfXXIaRXVMy4WZ7ZpEKibr7paKQ8i+Cb/yvoi9fi0jbIabq0saKbYmb9Lb75nDwW9y tvPyZtAeGFcl8vJiBvLujDVH93wSScfy9dO2Rr3U3nzEaWqZyVA== X-Received: by 2002:a05:600c:45cb:b0:406:5359:769f with SMTP id s11-20020a05600c45cb00b004065359769fmr5412420wmo.0.1697998954546; Sun, 22 Oct 2023 11:22:34 -0700 (PDT) X-Received: by 2002:a05:600c:45cb:b0:406:5359:769f with SMTP id s11-20020a05600c45cb00b004065359769fmr5412409wmo.0.1697998953990; Sun, 22 Oct 2023 11:22:33 -0700 (PDT) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id l23-20020a1c7917000000b004063cced50bsm7408148wme.23.2023.10.22.11.22.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:33 -0700 (PDT) From: Dimitri John Ledkov To: herbert@gondor.apana.org.au, "David S. Miller" Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/6] crypto: FIPS 202 SHA-3 register in hash info for IMA Date: Sun, 22 Oct 2023 19:22:04 +0100 Message-Id: <20231022182208.188714-3-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231022182208.188714-1-dimitri.ledkov@canonical.com> References: <20231022182208.188714-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 22 Oct 2023 11:22:53 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780480976522019378 X-GMAIL-MSGID: 1780480976522019378 Register FIPS 202 SHA-3 hashes in hash info for IMA and other users. Sizes 256 and up, as 224 is too weak for any practical purposes. Signed-off-by: Dimitri John Ledkov --- crypto/hash_info.c | 6 ++++++ include/crypto/hash_info.h | 1 + include/uapi/linux/hash_info.h | 3 +++ 3 files changed, 10 insertions(+) diff --git a/crypto/hash_info.c b/crypto/hash_info.c index a49ff96bde..9a467638c9 100644 --- a/crypto/hash_info.c +++ b/crypto/hash_info.c @@ -29,6 +29,9 @@ const char *const hash_algo_name[HASH_ALGO__LAST] = { [HASH_ALGO_SM3_256] = "sm3", [HASH_ALGO_STREEBOG_256] = "streebog256", [HASH_ALGO_STREEBOG_512] = "streebog512", + [HASH_ALGO_SHA3_256] = "sha3-256", + [HASH_ALGO_SHA3_384] = "sha3-384", + [HASH_ALGO_SHA3_512] = "sha3-512", }; EXPORT_SYMBOL_GPL(hash_algo_name); @@ -53,5 +56,8 @@ const int hash_digest_size[HASH_ALGO__LAST] = { [HASH_ALGO_SM3_256] = SM3256_DIGEST_SIZE, [HASH_ALGO_STREEBOG_256] = STREEBOG256_DIGEST_SIZE, [HASH_ALGO_STREEBOG_512] = STREEBOG512_DIGEST_SIZE, + [HASH_ALGO_SHA3_256] = SHA3_256_DIGEST_SIZE, + [HASH_ALGO_SHA3_384] = SHA3_384_DIGEST_SIZE, + [HASH_ALGO_SHA3_512] = SHA3_512_DIGEST_SIZE, }; EXPORT_SYMBOL_GPL(hash_digest_size); diff --git a/include/crypto/hash_info.h b/include/crypto/hash_info.h index dd4f067850..d6927739f8 100644 --- a/include/crypto/hash_info.h +++ b/include/crypto/hash_info.h @@ -10,6 +10,7 @@ #include #include +#include #include #include diff --git a/include/uapi/linux/hash_info.h b/include/uapi/linux/hash_info.h index 74a8609fcb..0af23ec196 100644 --- a/include/uapi/linux/hash_info.h +++ b/include/uapi/linux/hash_info.h @@ -35,6 +35,9 @@ enum hash_algo { HASH_ALGO_SM3_256, HASH_ALGO_STREEBOG_256, HASH_ALGO_STREEBOG_512, + HASH_ALGO_SHA3_256, + HASH_ALGO_SHA3_384, + HASH_ALGO_SHA3_512, HASH_ALGO__LAST }; From patchwork Sun Oct 22 18:22:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 156583 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp882407vqx; Sun, 22 Oct 2023 11:23:01 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHMyMzUU+EMVMhyDEQ1dS3s5d/H/a30fXgnYQElaMJivsZBiiA2gl4UpLI3b2MaWeP3aFOK X-Received: by 2002:a05:6a21:47ca:b0:15d:5f9a:3921 with SMTP id as10-20020a056a2147ca00b0015d5f9a3921mr7260213pzc.27.1697998980757; Sun, 22 Oct 2023 11:23:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697998980; cv=none; d=google.com; s=arc-20160816; b=O3+eI+RQetI6IRjYjJTbu6TqhQrgcUqXMXAzolBxsKBrjmnKLZmEgKtPgZsXnfXmS3 AYtpUWL+NQew9RpIwlt/KYmWWjUCzDIr4HDELN/yEOC0kvdBAKQAxwLMkmv+bJad+mSz i6RI0L/HwuwUbgqLnHeIydBlCkJt9uaO0ZySfgaWMG2YiALbDu5TpTtWuUY2nRJEC0no VWlNbzut7gcwWjQU2stU8qM6v7MmEuYZu8KnsAh6pAu5vG+iJp3PiI0Pp2vRXjszfw36 QorQArYFSMp+XKNvm2Mb4VndMeG2a1cgGLhKodMKVNCeuQhdqU7jo3849X5O5p/bQa41 Omrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=G21LvQrZs30vZixQb7qoXSrQRZ+ChOighJd9yL5njGg=; fh=5m/YrJ2GsyILcXjmadWfvCU4+WKLYnKnXMyDZHZ4bPA=; b=qnqmL6BhPjxZ3BzMNSCEIcGvhecpexgSfhZuC73UKGC4XsK7frF3EdPiLTn0X3BTu+ /GhHFHpSxpy4m02tNDVerjO0WxCXDpV9jZRxVdMZedFx2lwF8YH6o7tzI2AOJ7vsa/hr MCn//rVZSnjuEAh8HTdhmq/I1omaX0jbY5fytk+90FQVCLV1dkSmk9XHRNaz1mQDFnqH bCrH8zn1Skfyy+y8u/fDEiWshwTcZqBnPalkGAOub2vDNlsleTo4xaotmRCdnO7M77aZ ZGiCeU1OY/2TB24MDFyXGmxeObEvEvYG1+oNLToXBYA9YxhX9NscvLELSo2+b4L1i+Ng mfIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=XnLrftOr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id y17-20020a637d11000000b005859c1e41a0si5037274pgc.201.2023.10.22.11.23.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:23:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=XnLrftOr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 6277D805ECF6; Sun, 22 Oct 2023 11:22:59 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232474AbjJVSWz (ORCPT + 27 others); Sun, 22 Oct 2023 14:22:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59166 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232310AbjJVSWr (ORCPT ); Sun, 22 Oct 2023 14:22:47 -0400 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5FB75114 for ; Sun, 22 Oct 2023 11:22:45 -0700 (PDT) Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id BBCBB3F63D for ; Sun, 22 Oct 2023 18:22:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1697998959; bh=G21LvQrZs30vZixQb7qoXSrQRZ+ChOighJd9yL5njGg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=XnLrftOr4IzrIg6cLChua4GUyA7wkyQ1FEcZY+2hgAW5v6y0g2Kqf42SABbfzQg+X rODK3UdeUNWirZhNFaPwrAt6J3GiyQROkocFTYFiR/Gt1jgApA3tmMSmE8kIK0m59A is3d7xugP6mupXvo7unbGvzrpnNquVy586RRc1Qx5tRDib2wb9CECVwh2vPnNSx9PH Q8QNi5sTP2AkdoUe9ixAqglbwxC4cOJwoJJ8zJIJWenGZkLjrvm3OXGL7fX/TiDmBb dlCIACGlj9q5MuNZp5kErnJVTSDyN5ozNKlSlnoRmd/jyzOtqDphwqrPZnuZMlz7RN y6A4xcCfEKsdg== Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-32de90288d0so787250f8f.1 for ; Sun, 22 Oct 2023 11:22:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697998958; x=1698603758; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=G21LvQrZs30vZixQb7qoXSrQRZ+ChOighJd9yL5njGg=; b=Q+bXdPzELTIRiigEkVyKyT1h6LDpobC6AoHgHO4T08WGxudGdG/ULHqgyi1DkSS+a/ +Ibh1SbV3MpK2T92p4zRXcUTwMFfWc3RVbAuZsWs8s7UkxSrLLlkYmMxMbLw/x8TCEsL V8XYNE6oApddiP7N5ERkYm+jxADNWzSunr8LX4GbNdnkFPSQbwCwIzHQ9LvhMAXruPen Qi0PQefPZbpbXyIhh/qwoUYy/dtpKhtxzKFRsbt37U9VRMGPlpg4q/L1S040ZdzrlgVj 8Vfwodroz158F0I+2TGJIJTby3iHPKyDUtxG1gvwYJN7jGSyrV3FnG+t+Rz8HJGrQJoU 1y4A== X-Gm-Message-State: AOJu0YwDwMn0mBmUOOxXhmHg2i2T5VD1vN+fuBAn4U2/cTYpgIaYKBVV 3h7rjIGSl22A8VZgzjDo2lF/J96pIdd9nLx+s/T8uqE3+mDybOZYL12whkvLJL7ftan0HkF7PFQ +QHEOGgWyVL60X1ETZMFBPbLVy9gqf05+qT+cyESO8A== X-Received: by 2002:adf:e387:0:b0:321:6779:944d with SMTP id e7-20020adfe387000000b003216779944dmr5166507wrm.47.1697998958651; Sun, 22 Oct 2023 11:22:38 -0700 (PDT) X-Received: by 2002:adf:e387:0:b0:321:6779:944d with SMTP id e7-20020adfe387000000b003216779944dmr5166502wrm.47.1697998958286; Sun, 22 Oct 2023 11:22:38 -0700 (PDT) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id k17-20020a5d4291000000b0032da87e32e2sm6143324wrq.4.2023.10.22.11.22.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:38 -0700 (PDT) From: Dimitri John Ledkov To: herbert@gondor.apana.org.au, "David S. Miller" , Maxime Coquelin , Alexandre Torgue Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org Subject: [PATCH 3/6] crypto: rsa-pkcs1pad - Add FIPS 202 SHA-3 support Date: Sun, 22 Oct 2023 19:22:05 +0100 Message-Id: <20231022182208.188714-4-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231022182208.188714-1-dimitri.ledkov@canonical.com> References: <20231022182208.188714-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 22 Oct 2023 11:22:59 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780480979580395346 X-GMAIL-MSGID: 1780480979580395346 Add support in rsa-pkcs1pad for FIPS 202 SHA-3 hashes, sizes 256 and up. As 224 is too weak for any practical purposes. Signed-off-by: Dimitri John Ledkov --- crypto/rsa-pkcs1pad.c | 25 ++++++++++++++++++++++++- crypto/testmgr.c | 12 ++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index d2e5e104f8..e32e497d29 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -61,6 +61,24 @@ static const u8 rsa_digest_info_sha512[] = { 0x05, 0x00, 0x04, 0x40 }; +static const u8 rsa_digest_info_sha3_256[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08, + 0x05, 0x00, 0x04, 0x20 +}; + +static const u8 rsa_digest_info_sha3_384[] = { + 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09, + 0x05, 0x00, 0x04, 0x30 +}; + +static const u8 rsa_digest_info_sha3_512[] = { + 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0A, + 0x05, 0x00, 0x04, 0x40 +}; + static const struct rsa_asn1_template { const char *name; const u8 *data; @@ -74,8 +92,13 @@ static const struct rsa_asn1_template { _(sha384), _(sha512), _(sha224), - { NULL } #undef _ +#define _(X) { "sha3-" #X, rsa_digest_info_sha3_##X, sizeof(rsa_digest_info_sha3_##X) } + _(256), + _(384), + _(512), +#undef _ + { NULL } }; static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 54135c7610..a074430223 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5468,6 +5468,18 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "pkcs1pad(rsa,sha512)", .test = alg_test_null, .fips_allowed = 1, + }, { + .alg = "pkcs1pad(rsa,sha3-256)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "pkcs1pad(rsa,sha3-384)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "pkcs1pad(rsa,sha3-512)", + .test = alg_test_null, + .fips_allowed = 1, }, { .alg = "poly1305", .test = alg_test_hash, From patchwork Sun Oct 22 18:22:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 156584 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp882507vqx; Sun, 22 Oct 2023 11:23:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHqEaVTE/1s37oKhFEfy8DyQFhVLTqKMcD4qUyLuqz/wrs1Mxxx0cvv2izgEQ+OzYsz1qK5 X-Received: by 2002:a17:902:ea09:b0:1c8:9d32:339e with SMTP id s9-20020a170902ea0900b001c89d32339emr5377952plg.50.1697998993957; Sun, 22 Oct 2023 11:23:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697998993; cv=none; d=google.com; s=arc-20160816; b=V/fiyzCVMFFF39TOxctltUd2CGnW1UclS8JuVy2mMvxNgEycqkT/Q8HpD/dU5q5IaM vyQYixQxVpAQCyh7KLMqCNQFqEoUNz6RC1qvxGSdiPDf3lGXY1X1hynH7mTA89+KinIR +7Wq4nvOmkGaT5V+Tfnt3bimijtYVcSQEoS7pkD42pTZ8f2OwoirhLYG7pQdGWfCjbJU hxj2TysRgplggSMVFwJJkP50oH0eTMfLdFpF1sg4XuYr660ruUKjTN3DWuRBIzqtKLW/ kpUa7aZEuSyerzpK4njOHo6gsrAef91tdXfCMLp//J2i/U1yq886oV9G6juMUr+OgK6a UMLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eYf+t+El9qBlaiw5wPUd9OUTW1C9eNGz0+xZv0WFeT0=; fh=73RGR8OJSG/XgP4/AbO3tu/MDvPoghFKuUHZMNHBxH8=; b=nTG9nrdNjlcCNALfl44Qe+1NE2VUuL00jpL3W5R9sPff/BgeKD/022N2Yhuer8gFn4 oPctWp/xiMI3Z+9cWsdJxTvwAipcUTpXxhSNmycrz/GbqBEhX8sDlxktWDe+5//WNgyX a9C6EmB/wwqIrH4V9GzYrMCfYk5qM9QWwsMkNq4tDdJCpam0b08SlXhRnr7XLdV2KMXK ZOUOINXZArsdEnr6Vxcoy8ctg1SKrKXAaMC1KrIt56q8vdQsadxBSWPrNdyduin2jjaA 0QAa59qS5iSG0P3NY1xLA2WZAGHG1VaXCoQiE87qbdVAkjTkbKoExIaXXDBdAn8ljqMx yi9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=eoBwSQAV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id q9-20020a170902dac900b001c9ca0a03e8si5319244plx.68.2023.10.22.11.23.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:23:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=eoBwSQAV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 493928066634; Sun, 22 Oct 2023 11:23:11 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232709AbjJVSXA (ORCPT + 27 others); Sun, 22 Oct 2023 14:23:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232422AbjJVSWu (ORCPT ); Sun, 22 Oct 2023 14:22:50 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3FE3EE for ; Sun, 22 Oct 2023 11:22:44 -0700 (PDT) Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 56C033FADC for ; Sun, 22 Oct 2023 18:22:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1697998963; bh=eYf+t+El9qBlaiw5wPUd9OUTW1C9eNGz0+xZv0WFeT0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=eoBwSQAV2jc9lvUuO6XuUtM11av8szafNo8pPQIx/9niJJ06BJvUx67ZWWIHUdN5b KReGpTAMppQ0Jymn8IIrI12jPjitKciaaJmEHWPki5FXbTImei0RvZm0RnccooW4zf A7bPrhqSC236gg6E23fi4YiUBnzyreLJ5zKXHlWNkIANrrXGx5nzuYll27oDgk5X96 2N2PZZa/Z7Y9lFW5k+LktnsFZQZIgx4eWHml114KLQKjQ7iN9HB9zEA2KEsBJUzc3n 7AzmdBaIzHYw+UxrrUgWJqOO+pxlDFh0W7SbKrcYpb9PGeTrsBR4UrZdBXusOIxr8L XNH8XgUO6DulQ== Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-32da8de4833so1252115f8f.3 for ; Sun, 22 Oct 2023 11:22:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697998963; x=1698603763; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eYf+t+El9qBlaiw5wPUd9OUTW1C9eNGz0+xZv0WFeT0=; b=Nt4M/TL8bErgMBifTLiLUe8oudMtELDfAydkRtDFRJDLXLtVfhuBoT87OZQIZ0sTjv tKPAG2/bJm5Cwu6relzz2o424MARpk8LMtmFCXEVlSG+owtSCkzpPCU2SwcX5qDtHt1f UzDxfcLWm3Y8XP9qAJYIJRNOx+cuLGStEfQTEGJyleXEXe7WIZZwogPkkHNuWoC38uTG Od3L2EsNyysxmbCsjWfI6vZPTnuUSpB1IjFoEAWK2/M5oS8FFb/3teKXOkVek2EpdQgs ke/ieSoKMSN+lS7fv3ykUPIJ9XWuY29ndBbgO/uGuTzlg1Y5AxJ9jSAN4p+6Cc/zZIea 1Qsg== X-Gm-Message-State: AOJu0Yx+ZFoI+JGGhp2bpz4xd2+l5yQ/wCOyuvr4nQmcslqgU6aQ7nnh 6Hkw1P+oEB3DYbpGVoBiBSPn1cu7WzVVpT5kq3XjdQauDVannpk0GJV3kRgmALHuKTtnm+4pvRX 0L64EhcytRH4APfTeeugmrkSQvCAAjPzqkY2E/q63lg== X-Received: by 2002:a05:6000:1183:b0:313:f463:9d40 with SMTP id g3-20020a056000118300b00313f4639d40mr3828255wrx.65.1697998962876; Sun, 22 Oct 2023 11:22:42 -0700 (PDT) X-Received: by 2002:a05:6000:1183:b0:313:f463:9d40 with SMTP id g3-20020a056000118300b00313f4639d40mr3828248wrx.65.1697998962650; Sun, 22 Oct 2023 11:22:42 -0700 (PDT) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id y5-20020adff145000000b0031fd849e797sm6100729wro.105.2023.10.22.11.22.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:42 -0700 (PDT) From: Dimitri John Ledkov To: herbert@gondor.apana.org.au, David Howells , "David S. Miller" Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org Subject: [PATCH 4/6] crypto: x509 pkcs7 - allow FIPS 202 SHA-3 signatures Date: Sun, 22 Oct 2023 19:22:06 +0100 Message-Id: <20231022182208.188714-5-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231022182208.188714-1-dimitri.ledkov@canonical.com> References: <20231022182208.188714-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Sun, 22 Oct 2023 11:23:11 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780480993101744055 X-GMAIL-MSGID: 1780480993101744055 Add FIPS 202 SHA-3 hash signature support in x509 certificates, pkcs7 signatures, and authenticode signatures. Supports hashes of size 256 and up, as 224 is too weak for any practical purposes. Signed-off-by: Dimitri John Ledkov --- crypto/asymmetric_keys/mscode_parser.c | 9 +++++++++ crypto/asymmetric_keys/pkcs7_parser.c | 12 ++++++++++++ crypto/asymmetric_keys/public_key.c | 5 ++++- crypto/asymmetric_keys/x509_cert_parser.c | 24 +++++++++++++++++++++++ 4 files changed, 49 insertions(+), 1 deletion(-) diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c index 855cbc46a9..05402ef896 100644 --- a/crypto/asymmetric_keys/mscode_parser.c +++ b/crypto/asymmetric_keys/mscode_parser.c @@ -84,6 +84,15 @@ int mscode_note_digest_algo(void *context, size_t hdrlen, case OID_sha512: ctx->digest_algo = "sha512"; break; + case OID_sha3_256: + ctx->digest_algo = "sha3-256"; + break; + case OID_sha3_384: + ctx->digest_algo = "sha3-384"; + break; + case OID_sha3_512: + ctx->digest_algo = "sha3-512"; + break; case OID__NR: sprint_oid(value, vlen, buffer, sizeof(buffer)); diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index ab647cb4d7..5b08c50722 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -248,6 +248,15 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, case OID_gost2012Digest512: ctx->sinfo->sig->hash_algo = "streebog512"; break; + case OID_sha3_256: + ctx->sinfo->sig->hash_algo = "sha3-256"; + break; + case OID_sha3_384: + ctx->sinfo->sig->hash_algo = "sha3-384"; + break; + case OID_sha3_512: + ctx->sinfo->sig->hash_algo = "sha3-512"; + break; default: printk("Unsupported digest algo: %u\n", ctx->last_oid); return -ENOPKG; @@ -273,6 +282,9 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, case OID_id_ecdsa_with_sha256: case OID_id_ecdsa_with_sha384: case OID_id_ecdsa_with_sha512: + case OID_id_ecdsa_with_sha3_256: + case OID_id_ecdsa_with_sha3_384: + case OID_id_ecdsa_with_sha3_512: ctx->sinfo->sig->pkey_algo = "ecdsa"; ctx->sinfo->sig->encoding = "x962"; break; diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 5bf0452c17..8eeab38a3d 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -119,7 +119,10 @@ software_key_determine_akcipher(const struct public_key *pkey, if (strcmp(hash_algo, "sha224") != 0 && strcmp(hash_algo, "sha256") != 0 && strcmp(hash_algo, "sha384") != 0 && - strcmp(hash_algo, "sha512") != 0) + strcmp(hash_algo, "sha512") != 0 && + strcmp(hash_algo, "sha3-256") != 0 && + strcmp(hash_algo, "sha3-384") != 0 && + strcmp(hash_algo, "sha3-512") != 0) return -EINVAL; } else if (strcmp(pkey->pkey_algo, "sm2") == 0) { if (strcmp(encoding, "raw") != 0) diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 68ef1ffbbe..487204d394 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -214,6 +214,18 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag, ctx->cert->sig->hash_algo = "sha224"; goto rsa_pkcs1; + case OID_id_rsassa_pkcs1_v1_5_with_sha3_256: + ctx->cert->sig->hash_algo = "sha3-256"; + goto rsa_pkcs1; + + case OID_id_rsassa_pkcs1_v1_5_with_sha3_384: + ctx->cert->sig->hash_algo = "sha3-384"; + goto rsa_pkcs1; + + case OID_id_rsassa_pkcs1_v1_5_with_sha3_512: + ctx->cert->sig->hash_algo = "sha3-512"; + goto rsa_pkcs1; + case OID_id_ecdsa_with_sha224: ctx->cert->sig->hash_algo = "sha224"; goto ecdsa; @@ -230,6 +242,18 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag, ctx->cert->sig->hash_algo = "sha512"; goto ecdsa; + case OID_id_ecdsa_with_sha3_256: + ctx->cert->sig->hash_algo = "sha3-256"; + goto ecdsa; + + case OID_id_ecdsa_with_sha3_384: + ctx->cert->sig->hash_algo = "sha3-384"; + goto ecdsa; + + case OID_id_ecdsa_with_sha3_512: + ctx->cert->sig->hash_algo = "sha3-512"; + goto ecdsa; + case OID_gost2012Signature256: ctx->cert->sig->hash_algo = "streebog256"; goto ecrdsa; From patchwork Sun Oct 22 18:22:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 156585 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp882580vqx; Sun, 22 Oct 2023 11:23:22 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGAen55YyJz0vjs2COKnbg+sHnVslUepjrVrX+pl7jBlFsYFcOVVfFIdm2UadFJij9s3fOn X-Received: by 2002:a05:6a20:daa0:b0:17b:8404:96d5 with SMTP id iy32-20020a056a20daa000b0017b840496d5mr11185529pzb.21.1697999002703; Sun, 22 Oct 2023 11:23:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697999002; cv=none; d=google.com; s=arc-20160816; b=p39I5PVg0rBb3BKSWnw3ALiFwIwebpBLxkhdofasjutDdVM9qV13FzIAgjZn1ktqc0 fImbvQk8EbKvX1v/kXnvGpO9b3K7GqsniVwcipedYTwRMi2xnnZqbtI4C8+Jo3RiV9gZ B+3HQXJ4iVwVBJnjkgRiA5ZU0M9LHXKqY3RxfTmFUSftORSt2m00pmRTMqf3LlrQpcyJ fSnlmGRLA93J0/nrlzcgj9l+dBenoCFpNEFoU+1/ggqFOUHOPxg8piFZPyhw/cXJ2/Do SfHFBP6YU0yKXFiLShZfPW+i0jnPwRr/nyNXFOniDhxYORwEUbDL8gou6AWVbgk0+K9E OgGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IXDb03/nMdyFNBY2tplz4IHYZT3E0MOfqPsaAJS0POs=; fh=ZKeIuptHfu0ur5542U7+rrG8FHxPmiCyZ2kCNgr4/mw=; b=CEOLqAIZ/D1iLPWuecEql5zRkPyCT4Y4tUWi7rsRYXS4NLsstOcfh2dy791cSxC00i 2lvYhmhcnQ/o02Ll0s2SWWCOBOYWEJ67Pzi/KoNDj78b/oEUrlzLulTo6UnS93CZEGq0 s6BND/X4RXy+JGI3Chm8AZgSgZ7RRUGFlmTYbJFjbxeB14fCsilcAMkjKYzVp6qyKN34 dHlfgMLPhS4eZ/YaoFMLqPAXoRgMntEcKopfguZHS+2qZ6SkSXUYf/hr9KRg8ThflUJ2 IH58lBbDLYTpMaW5dlt+P+gmMGATS4KAK0/MRni3ZSIFZRMqkfIbtRbGXZKyc1+/JVrE J1xA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=rsjxDL3C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id a28-20020aa7971c000000b006bd3ba8e610si5104477pfg.133.2023.10.22.11.23.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:23:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=rsjxDL3C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id BF6CA8065992; Sun, 22 Oct 2023 11:23:20 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232836AbjJVSXJ (ORCPT + 27 others); Sun, 22 Oct 2023 14:23:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59310 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232524AbjJVSWz (ORCPT ); Sun, 22 Oct 2023 14:22:55 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E72F6D51 for ; Sun, 22 Oct 2023 11:22:49 -0700 (PDT) Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id A70BB3FD3A for ; Sun, 22 Oct 2023 18:22:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1697998968; bh=IXDb03/nMdyFNBY2tplz4IHYZT3E0MOfqPsaAJS0POs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=rsjxDL3CqaODCfC5sfwR0CiMVRDqBgn2Tulmyo/UKYiBHsqa3X9Jpjk2wjRZlyQF8 s8YlrBFR5cBKri34tEcD4q98WF/o8sNjFSPLWzg38Vh/DkZevlSJT+rWnC5VR0A32M Id/ZqjQhe6mD+ywMstc81E57Jf9Ix2jqCn0vaXC863i4MwrX1vZDg4tWGpefG/7Cry kBliVECG0HpLqjeFM29Ng7nDi+fiq+ejJ40gcd/Z0LXVeQwqG0MLj7gWKnv4kAQJiU Gl8IRdggC6FN6Xi/31lSON1u+5gcOiSY3hxcNBFzTqt5aDq9NXw/yOrPKiCnDpTcHz YZqIJaQcaNqEA== Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-4083c9b426fso16331215e9.2 for ; Sun, 22 Oct 2023 11:22:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697998968; x=1698603768; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IXDb03/nMdyFNBY2tplz4IHYZT3E0MOfqPsaAJS0POs=; b=xGH0N0kGQkGWApDlduJ2FXBy9AfgEeLBRgwxVYkY1Rt3GH96aAcxV7KO1YnFP6biwB nVcjXvg7mly+pa+sPxoR7C9TeMFyZjFgmi94GYj4NuTOxCxTD1CSNqTHXzeW+D8Pja+p 1RNo/vuVZjYLDKQuLzqv6PZe70RZPeo4GkS+wa9ZfDvl5muTNbBcKGQK18xOaWIoW5qt GxwYLNnF0rye+WSVJrYtZ1K/7k5Y/E6p4ZhQkoYT52ip+vJghHU0AqfJn3JKunKpRhl5 yAAuGBHnCgSvD5jYCFnKntxjhYRI7PDPFd3FSoTLggo7KFCZKY+uMge6lPEzMYX61ov/ 5SYA== X-Gm-Message-State: AOJu0YzueV8ECeF5SGwMj6/tv9ubf4RqaSpCqiItqzgCougioXrFu0k7 JJ/wgquZnblQV9mwGgox/fdoSLvCJDTRkmDP5FZ6p9fK23zOsBDTsTL1y8oAx5QDUV98k5u7Whh Korx62Acu5zQzAimiQnWNDFZnnKHbO4YKMtXwXL5IcjqyJzgaSQ== X-Received: by 2002:a5d:560d:0:b0:32d:14a4:ab3 with SMTP id l13-20020a5d560d000000b0032d14a40ab3mr5517346wrv.24.1697998967931; Sun, 22 Oct 2023 11:22:47 -0700 (PDT) X-Received: by 2002:a5d:560d:0:b0:32d:14a4:ab3 with SMTP id l13-20020a5d560d000000b0032d14a40ab3mr5517338wrv.24.1697998967586; Sun, 22 Oct 2023 11:22:47 -0700 (PDT) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id b14-20020a5d550e000000b0032d9caeab0fsm6080826wrv.77.2023.10.22.11.22.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:47 -0700 (PDT) From: Dimitri John Ledkov To: herbert@gondor.apana.org.au, David Howells , David Woodhouse , Luis Chamberlain Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, linux-modules@vger.kernel.org Subject: [PATCH 5/6] crypto: enable automatic module signing with FIPS 202 SHA-3 Date: Sun, 22 Oct 2023 19:22:07 +0100 Message-Id: <20231022182208.188714-6-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231022182208.188714-1-dimitri.ledkov@canonical.com> References: <20231022182208.188714-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Sun, 22 Oct 2023 11:23:20 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780481002536137892 X-GMAIL-MSGID: 1780481002536137892 Add Kconfig options to use SHA-3 for kernel module signing. 256 size for RSA only, and higher sizes for RSA and NIST P-384. Signed-off-by: Dimitri John Ledkov --- certs/Kconfig | 2 +- kernel/module/Kconfig | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/certs/Kconfig b/certs/Kconfig index 84582de66b..69d192a32d 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -30,7 +30,7 @@ config MODULE_SIG_KEY_TYPE_RSA config MODULE_SIG_KEY_TYPE_ECDSA bool "ECDSA" select CRYPTO_ECDSA - depends on MODULE_SIG_SHA384 || MODULE_SIG_SHA512 + depends on !(MODULE_SIG_SHA256 || MODULE_SIG_SHA3_256) help Use an elliptic curve key (NIST P384) for module signing. Use a strong hash of same or higher bit length, i.e. sha384 or diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig index 9d7d45525f..0ea1b2970a 100644 --- a/kernel/module/Kconfig +++ b/kernel/module/Kconfig @@ -248,6 +248,18 @@ config MODULE_SIG_SHA512 bool "Sign modules with SHA-512" select CRYPTO_SHA512 +config MODULE_SIG_SHA3_256 + bool "Sign modules with SHA3-256" + select CRYPTO_SHA3 + +config MODULE_SIG_SHA3_384 + bool "Sign modules with SHA3-384" + select CRYPTO_SHA3 + +config MODULE_SIG_SHA3_512 + bool "Sign modules with SHA3-512" + select CRYPTO_SHA3 + endchoice config MODULE_SIG_HASH @@ -256,6 +268,9 @@ config MODULE_SIG_HASH default "sha256" if MODULE_SIG_SHA256 default "sha384" if MODULE_SIG_SHA384 default "sha512" if MODULE_SIG_SHA512 + default "sha3-256" if MODULE_SIG_SHA3_256 + default "sha3-384" if MODULE_SIG_SHA3_384 + default "sha3-512" if MODULE_SIG_SHA3_512 choice prompt "Module compression mode" From patchwork Sun Oct 22 18:22:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 156586 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp882664vqx; Sun, 22 Oct 2023 11:23:38 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEPirkLHXb4bbyP23XjajIfN+tbLyj0w7J70ORiNpavSj4g1dO04/2jSBsiSxRV9Ayck/09 X-Received: by 2002:a05:6e02:5c5:b0:350:f956:91c4 with SMTP id l5-20020a056e0205c500b00350f95691c4mr6676851ils.4.1697999018535; Sun, 22 Oct 2023 11:23:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697999018; cv=none; d=google.com; s=arc-20160816; b=JZohZevfCNI0KfEM2A9jE/BixgoEHznyqbyfjbpWSX6C07axP2uVQAbxbW3uli+wOE 9iRYmgXO2v4gVUT01ThFL41aoYH0gbFgkN4D9+QFS4w+mGIMyZhkyvYMCHB+rFgKdcPs 6zJiT0akzOF+RVqJ4m5Oqdf+0gppdQjbEs9aLg/np85EHGoLFwnxcrT00VdSIkdEsbDJ u0zgTlqcDaGZCDdwWZy4X6KGL2VRZ89yP+AWnsbLvUXMYPegPSjUr6uIArPo+rNVEKDy 582vzG6uZrohqPynySt0Bl7i1gz0VdlhK+wkT/fYxW0/hxFV2cfJUFvha9l3+zxr7z8C XyMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=PFQQQyGHvq4Vgum/xnVjVuElfTVJmiceygKugibWkQQ=; fh=ITrb9JwrlwNjXJko61SsVKAP+lNoXk2Q3fiy/M+tOPY=; b=G1Re07suaQATiz7n+GwLiwH223oUJHiVK3FhyMWTDVmKmui9RC3D+/4qYFijB7DTza 6RCEBl3ezZYiYrmTU6hUXYr+5fo52hIJDabnCGboW671ZxU7kntgea08CE4lmiAGpJ6x 7e6H4Mhanz6k0vtVxLryGs6YDOk4/2M56Gxjtmc/myItpuhl8JU5I0YYLd/ivz+PHc9D OQ6ftuJwETQdPqjMgMDn95/dU+P8NOpzvFdpgM1CBu20Mj+b5nercY+R7Lk0/aEtFmZB pVeZ1NGaLxrtntH2zk+ih0IFVlgZsG/JNiM0cLy2ydCyfAUCLjuCikr4ufCjTDS3pHOH dzHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=erRTpjhP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id t16-20020a639550000000b005655bf61e32si5115813pgn.23.2023.10.22.11.23.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:23:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=erRTpjhP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 2EBD0808D28D; Sun, 22 Oct 2023 11:23:36 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232642AbjJVSX2 (ORCPT + 27 others); Sun, 22 Oct 2023 14:23:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42338 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232708AbjJVSXT (ORCPT ); Sun, 22 Oct 2023 14:23:19 -0400 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D330DD for ; Sun, 22 Oct 2023 11:23:06 -0700 (PDT) Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 9EC163FFF1 for ; Sun, 22 Oct 2023 18:23:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1697998982; bh=PFQQQyGHvq4Vgum/xnVjVuElfTVJmiceygKugibWkQQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=erRTpjhPm94AtiGjXAdCamNW8nVbB50O+cK0NJI5511lEH6Hqo2WfZiTLdBpD3f36 fWX4Ig8uCTAY8/mqKmw+RFho5bvap0978cOuOvsOo1vWrMfk5gg7iuQQIphRmK9Sfw 0cW9oqjta/9RLknZBxyQc7rn5SHN9IC/g/83H8xjm37yMLCimwJ1fAk0Nk6J3hqIHy gn/Au+ur67z1V6gYUIw/ycPtiSTcHMsd6K+i5uL/KleYrTUU6E4p8WwISMLF9+bqbz pjrNwQcCrMBRqzHwuGiqkcB1DpbPgFMRz8T6evYJd9iFwtjkq3IgLrhvP7Ez7kaNnh Ps51aqJ0qAPvg== Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-408534c3ec7so12513115e9.1 for ; Sun, 22 Oct 2023 11:23:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697998971; x=1698603771; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PFQQQyGHvq4Vgum/xnVjVuElfTVJmiceygKugibWkQQ=; b=PiBxTeNX/RX0eCa655wEqmm1MKoV9gJJmCfqtVYxhvKrSCVA3RXKGefTxKaoSSRzCh LQXha2fCCnqqpVyOqGTPtcb9SvUpyhZ6RppKdLmZQeBKCfAQcrPh1NVDIyAgz6QWofam 2EroqcJDGVGI/bblPs0NDI7XqO22E0xokzolviGsHW8mDxCLjBK/OExuE5Usl5KcafBa 6x4izZroMtFWCtICGMAeUabflqSUDidPUPxDnMze2/pOtR+AndfwlCli3G3WyAVnjGDR r5g33M29jrHUJQfxJClFhZS7vZGNiP9wMbjmRbNC6iWCSd+awxEmj4qLEJe5JD5GC/Gm JZ8w== X-Gm-Message-State: AOJu0Yx/7F30ultKo9ul0I2iPSh1vX+9kbgNWsZC2nQ7UrQXyfzF3Sak Ib62OFODOkx96lwnTZG24fpdX7pSmW2YE3/OwQGLv8Zp/5w8Fg7HkxEVJKKgfCzd+0kZq2IFMLd a90oWIZfOSG192jT+y/7+zDNZeFA3d/0rD1j4G+poDA== X-Received: by 2002:a05:600c:3d87:b0:405:7b92:4558 with SMTP id bi7-20020a05600c3d8700b004057b924558mr5636476wmb.38.1697998971510; Sun, 22 Oct 2023 11:22:51 -0700 (PDT) X-Received: by 2002:a05:600c:3d87:b0:405:7b92:4558 with SMTP id bi7-20020a05600c3d8700b004057b924558mr5636467wmb.38.1697998971268; Sun, 22 Oct 2023 11:22:51 -0700 (PDT) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id p12-20020a05600c358c00b00401b242e2e6sm12360739wmq.47.2023.10.22.11.22.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 22 Oct 2023 11:22:51 -0700 (PDT) From: Dimitri John Ledkov To: herbert@gondor.apana.org.au, David Howells , David Woodhouse , Jonathan Corbet Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH 6/6] Documentation/module-signing.txt: bring up to date Date: Sun, 22 Oct 2023 19:22:08 +0100 Message-Id: <20231022182208.188714-7-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231022182208.188714-1-dimitri.ledkov@canonical.com> References: <20231022182208.188714-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Sun, 22 Oct 2023 11:23:36 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780481019347580705 X-GMAIL-MSGID: 1780481019347580705 Update the documentation to mention that ECC NIST P-384 automatic keypair generation is available to use ECDSA signature type, in addition to the RSA. Drop mentions of the now removed SHA-1 and SHA-224 options. Add the just added FIPS 202 SHA-3 module signature hashes. Signed-off-by: Dimitri John Ledkov --- Documentation/admin-guide/module-signing.rst | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst index 2898b27032..a8667a7774 100644 --- a/Documentation/admin-guide/module-signing.rst +++ b/Documentation/admin-guide/module-signing.rst @@ -28,10 +28,10 @@ trusted userspace bits. This facility uses X.509 ITU-T standard certificates to encode the public keys involved. The signatures are not themselves encoded in any industrial standard -type. The facility currently only supports the RSA public key encryption -standard (though it is pluggable and permits others to be used). The possible -hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and -SHA-512 (the algorithm is selected by data in the signature). +type. The built-in facility currently only supports the RSA & NIST P-384 ECDSA +public key signing standard (though it is pluggable and permits others to be +used). The possible hash algorithms that can be used are SHA-2 and SHA-3 of +sizes 256, 384, and 512 (the algorithm is selected by data in the signature). ========================== @@ -81,11 +81,12 @@ This has a number of options available: sign the modules with: =============================== ========================================== - ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with SHA-1` - ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with SHA-224` ``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with SHA-256` ``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with SHA-384` ``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with SHA-512` + ``CONFIG_MODULE_SIG_SHA3_256`` :menuselection:`Sign modules with SHA3-256` + ``CONFIG_MODULE_SIG_SHA3_384`` :menuselection:`Sign modules with SHA3-384` + ``CONFIG_MODULE_SIG_SHA3_512`` :menuselection:`Sign modules with SHA3-512` =============================== ========================================== The algorithm selected here will also be built into the kernel (rather @@ -145,6 +146,10 @@ into vmlinux) using parameters in the:: file (which is also generated if it does not already exist). +One can select between RSA (``MODULE_SIG_KEY_TYPE_RSA``) and ECDSA +(``MODULE_SIG_KEY_TYPE_ECDSA``) to generate either RSA 4k or NIST +P-384 keypair. + It is strongly recommended that you provide your own x509.genkey file. Most notably, in the x509.genkey file, the req_distinguished_name section