Re: [PATCH v1 05/21] pgp: factor out rsa_pad
From: Vladimir 'phcoder' Serbinenko
Subject: Re: [PATCH v1 05/21] pgp: factor out rsa_pad
Date: Sat, 4 Jan 2025 21:40:05 +0300
rsa_pad will be removed when we update libgcrypt (see pending patch).
Can we accommodate for this?
On Wed, Dec 18, 2024 at 5:58 PM Sudhakar Kuppusamy
<sudhakar@linux.ibm.com> wrote:
>
> From: Daniel Axtens <dja@axtens.net>
>
> rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme.
> We want to use it in other RSA signature verification applications.
>
> I considered and rejected putting it in lib/crypto.c. That file doesn't
> currently require any MPI functions, but rsa_pad does. That's not so
> much of a problem for the grub kernel and modules, but crypto.c also
> gets built into all the grub utilities. So - despite the utils not
> using any asymmetric ciphers - we would need to build the entire MPI
> infrastructure into them.
>
> A better and simpler solution is just to spin rsa_pad out into its own
> PKCS#1 v1.5 module.
>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
> Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
> ---
> grub-core/Makefile.core.def | 8 +++++
> grub-core/commands/pgp.c | 28 ++----------------
> grub-core/lib/pkcs1_v15.c | 59 +++++++++++++++++++++++++++++++++++++
> include/grub/pkcs1_v15.h | 27 +++++++++++++++++
> 4 files changed, 96 insertions(+), 26 deletions(-)
> create mode 100644 grub-core/lib/pkcs1_v15.c
> create mode 100644 include/grub/pkcs1_v15.h
>
> diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> index f70e02e69..60db2adc5 100644
> --- a/grub-core/Makefile.core.def
> +++ b/grub-core/Makefile.core.def
> @@ -2540,6 +2540,14 @@ module = {
> cppflags = '$(CPPFLAGS_GCRY)';
> };
>
> +module = {
> + name = pkcs1_v15;
> + common = lib/pkcs1_v15.c;
> +
> + cflags = '$(CFLAGS_GCRY) -Wno-redundant-decls -Wno-sign-compare';
> + cppflags = '$(CPPFLAGS_GCRY)';
> +};
> +
> module = {
> name = all_video;
> common = lib/fake_module.c;
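Review bot: the cflags line of the new pkcs1_v15 module turns off -Wredundant-decls and -Wsign-compare for lib/pkcs1_v15.c, a new file that consists almost entirely of length arithmetic on emlen, tlen and fflen. If the suppressions are needed only because of the gcrypt headers, say so in the commit message; otherwise try building the file without them so a signed/unsigned mix-up in those comparisons would be reported.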
> diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
> index c6766f044..b084dc9a2 100644
> --- a/grub-core/commands/pgp.c
> +++ b/grub-core/commands/pgp.c
> @@ -24,6 +24,7 @@
> #include <grub/file.h>
> #include <grub/command.h>
> #include <grub/crypto.h>
> +#include <grub/pkcs1_v15.h>
> #include <grub/i18n.h>
> #include <grub/gcrypt/gcrypt.h>
> #include <grub/pubkey.h>
> @@ -411,32 +412,7 @@ static int
> rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval,
> const gcry_md_spec_t *hash, struct grub_public_subkey *sk)
> {
> - grub_size_t tlen, emlen, fflen;
> - grub_uint8_t *em, *emptr;
> - unsigned nbits = gcry_mpi_get_nbits (sk->mpis[0]);
> - int ret;
> - tlen = hash->mdlen + hash->asnlen;
> - emlen = (nbits + 7) / 8;
> - if (emlen < tlen + 11)
> - return 1;
> -
> - em = grub_malloc (emlen);
> - if (!em)
> - return 1;
> -
> - em[0] = 0x00;
> - em[1] = 0x01;
> - fflen = emlen - tlen - 3;
> - for (emptr = em + 2; emptr < em + 2 + fflen; emptr++)
> - *emptr = 0xff;
> - *emptr++ = 0x00;
> - grub_memcpy (emptr, hash->asnoid, hash->asnlen);
> - emptr += hash->asnlen;
> - grub_memcpy (emptr, hval, hash->mdlen);
> -
> - ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0);
> - grub_free (em);
> - return ret;
> + return grub_crypto_rsa_pad(hmpi, hval, hash, sk->mpis[0]);
> }
>
> struct grub_pubkey_context
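Review bot: the added line in rsa_pad, "return grub_crypto_rsa_pad(hmpi, hval, hash, sk->mpis[0]);", lacks the space before the opening parenthesis that the removed body used (for example "gcry_mpi_get_nbits (sk->mpis[0])"). The wrapper is also still declared "static int" while the callee returns gcry_err_code_t, and the too-short case now yields GPG_ERR_TOO_SHORT where the old code returned 1, so please confirm that callers only test the result for non-zero.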
> diff --git a/grub-core/lib/pkcs1_v15.c b/grub-core/lib/pkcs1_v15.c
> new file mode 100644
> index 000000000..dbacd563d
> --- /dev/null
> +++ b/grub-core/lib/pkcs1_v15.c
> @@ -0,0 +1,59 @@
> +/*
> + * GRUB -- GRand Unified Bootloader
> + * Copyright (C) 2013 Free Software Foundation, Inc.
> + *
> + * GRUB is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * GRUB is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/dl.h>
> +#include <grub/gcrypt/gcrypt.h>
> +
> +GRUB_MOD_LICENSE ("GPLv3+");
> +
> +/*
> + * Given a hash value 'hval', of hash specification 'hash', perform
> + * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod'
> + * (see RFC 8017 s 9.2) and place the result in 'hmpi'.
> + */
> +gcry_err_code_t
> +grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval,
> + const gcry_md_spec_t * hash, gcry_mpi_t mod)
> +{
> + grub_size_t tlen, emlen, fflen;
> + grub_uint8_t *em, *emptr;
> + unsigned nbits = gcry_mpi_get_nbits (mod);
> + int ret;
> + tlen = hash->mdlen + hash->asnlen;
> + emlen = (nbits + 7) / 8;
> + if (emlen < tlen + 11)
> + return GPG_ERR_TOO_SHORT;
> +
> + em = grub_malloc (emlen);
> + if (!em)
> + return 1;
> +
> + em[0] = 0x00;
> + em[1] = 0x01;
> + fflen = emlen - tlen - 3;
> + for (emptr = em + 2; emptr < em + 2 + fflen; emptr++)
> + *emptr = 0xff;
> + *emptr++ = 0x00;
> + grub_memcpy (emptr, hash->asnoid, hash->asnlen);
> + emptr += hash->asnlen;
> + grub_memcpy (emptr, hval, hash->mdlen);
> +
> + ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0);
> + grub_free (em);
> + return ret;
> +}
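Review bot: the grub_malloc failure path in grub_crypto_rsa_pad still does "return 1;" although the function now returns gcry_err_code_t and the length check just above it was converted to GPG_ERR_TOO_SHORT; return a named out-of-memory code (GPG_ERR_OUT_OF_MEMORY) so callers can distinguish the two failures, and declare ret as gcry_err_code_t rather than int. The file also includes only grub/dl.h and grub/gcrypt/gcrypt.h, not its own grub/pkcs1_v15.h, so the compiler never checks the prototype against this definition.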
> diff --git a/include/grub/pkcs1_v15.h b/include/grub/pkcs1_v15.h
> new file mode 100644
> index 000000000..5c338c84a
> --- /dev/null
> +++ b/include/grub/pkcs1_v15.h
> @@ -0,0 +1,27 @@
> +/*
> + * GRUB -- GRand Unified Bootloader
> + * Copyright (C) 2013 Free Software Foundation, Inc.
> + *
> + * GRUB is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * GRUB is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +/*
> + * Given a hash value 'hval', of hash specification 'hash', perform
> + * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod'
> + * (See RFC 8017 s 9.2)
> + */
> +gcry_err_code_t
> +grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval,
> + const gcry_md_spec_t * hash, gcry_mpi_t mod);
> +
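Review bot: the new header declares grub_crypto_rsa_pad with gcry_err_code_t, gcry_mpi_t, grub_uint8_t and gcry_md_spec_t but includes nothing that defines them and has no include guard, so it only compiles when the including file happens to pull in the right headers first. Add a guard and the includes the prototype needs. Since hval is only read (it is the source of the final grub_memcpy), it could also be declared const grub_uint8_t *.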
> --
> 2.43.5
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
--
Regards
Vladimir 'phcoder' Serbinenko