Re: [PATCH v13 11/12] x509, pkcs7: Limit crypto combinations that may be used for module signing

Next message: David Desobry: "[PATCH v3] x86/lib: Optimize num_digits() and fix INT_MIN overflow"
Previous message: Jakub Kicinski: "Re: [PATCH RESEND net v5 0/4] vsock/virtio: fix TX credit handling"
In reply to: Eric Biggers: "Re: [PATCH v13 11/12] x509, pkcs7: Limit crypto combinations that may be used for module signing"
Next in thread: David Howells: "[PATCH v13 12/12] pkcs7: Add ML-DSA FIPS selftest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Howells

Date: Tue Jan 20 2026 - 18:19:06 EST

Vitaly Chikunov <vt@xxxxxxxxxxxx> wrote:

> > +static const struct public_key_restriction public_key_restrictions[] = {
> > + /* algo encoding hash */
> > + { "rsa", "pkcs1", "sha256" },
> > + { "rsa", "pkcs1", "sha384" },
> > + { "rsa", "pkcs1", "sha512" },
> > + { "rsa", "emsa-pss", "sha512" },
> > + { "ecdsa", "x962", "sha256" },
> > + { "ecdsa", "x962", "sha384" },
> > + { "ecdsa", "x962", "sha512" },
> > + { "ecrdsa", "raw", "sha256" },
> > + { "ecrdsa", "raw", "sha384" },
> > + { "ecrdsa", "raw", "sha512" },
>
> Why such hash choice? Aren't it should be streebog256 and streebog512?

Maybe? I don't have any example ecrdsa (assuming you're talking about that
specifically), nor does it seem that it was added to the choice of module
signing. Possibly I should drop the encoding column - or just have a list of
hashes that we accept - but we might want to limit the hashes that can use
with ML-DSA more strictly (ie. only allow SHA512).

David