| Message ID | 20210330202829.4825-19-varad.gautam@suse.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Implement RSASSA-PSS signature verification | expand |
On Tue, Mar 30, 2021 at 10:28:29PM +0200, Varad Gautam wrote: > keyctl pkey_* operations accept enc and hash parameters at present. > RSASSA-PSS signatures also require passing in the signature salt > length. > > Add another parameter 'slen' to feed in salt length of a PSS > signature. > > Signed-off-by: Varad Gautam <varad.gautam@suse.com> > --- Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko > crypto/asymmetric_keys/asymmetric_type.c | 1 + > include/linux/keyctl.h | 1 + > security/keys/keyctl_pkey.c | 6 ++++++ > 3 files changed, 8 insertions(+) > > diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c > index ad8af3d70ac0..eb2ef4a07f8e 100644 > --- a/crypto/asymmetric_keys/asymmetric_type.c > +++ b/crypto/asymmetric_keys/asymmetric_type.c > @@ -571,6 +571,7 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params, > .hash_algo = params->hash_algo, > .digest = (void *)in, > .s = (void *)in2, > + .salt_length = params->slen, > }; > > return verify_signature(params->key, &sig); > diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h > index 5b79847207ef..970c7bed3082 100644 > --- a/include/linux/keyctl.h > +++ b/include/linux/keyctl.h > @@ -37,6 +37,7 @@ struct kernel_pkey_params { > __u32 in2_len; /* 2nd input data size (verify) */ > }; > enum kernel_pkey_operation op : 8; > + __u32 slen; > }; > > #endif /* __LINUX_KEYCTL_H */ > diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c > index 5de0d599a274..b54a021e16b1 100644 > --- a/security/keys/keyctl_pkey.c > +++ b/security/keys/keyctl_pkey.c > @@ -24,11 +24,13 @@ enum { > Opt_err, > Opt_enc, /* "enc=<encoding>" eg. "enc=oaep" */ > Opt_hash, /* "hash=<digest-name>" eg. "hash=sha1" */ > + Opt_slen, /* "slen=<salt-length>" eg. "slen=32" */ > }; > > static const match_table_t param_keys = { > { Opt_enc, "enc=%s" }, > { Opt_hash, "hash=%s" }, > + { Opt_slen, "slen=%u" }, > { Opt_err, NULL } > }; > > @@ -63,6 +65,10 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params) > params->hash_algo = q; > break; > > + case Opt_slen: > + if (kstrtouint(q, 0, ¶ms->slen)) > + return -EINVAL; > + break; > default: > return -EINVAL; > } > -- > 2.30.2 > >
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index ad8af3d70ac0..eb2ef4a07f8e 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -571,6 +571,7 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params, .hash_algo = params->hash_algo, .digest = (void *)in, .s = (void *)in2, + .salt_length = params->slen, }; return verify_signature(params->key, &sig); diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h index 5b79847207ef..970c7bed3082 100644 --- a/include/linux/keyctl.h +++ b/include/linux/keyctl.h @@ -37,6 +37,7 @@ struct kernel_pkey_params { __u32 in2_len; /* 2nd input data size (verify) */ }; enum kernel_pkey_operation op : 8; + __u32 slen; }; #endif /* __LINUX_KEYCTL_H */ diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 5de0d599a274..b54a021e16b1 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -24,11 +24,13 @@ enum { Opt_err, Opt_enc, /* "enc=<encoding>" eg. "enc=oaep" */ Opt_hash, /* "hash=<digest-name>" eg. "hash=sha1" */ + Opt_slen, /* "slen=<salt-length>" eg. "slen=32" */ }; static const match_table_t param_keys = { { Opt_enc, "enc=%s" }, { Opt_hash, "hash=%s" }, + { Opt_slen, "slen=%u" }, { Opt_err, NULL } }; @@ -63,6 +65,10 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params) params->hash_algo = q; break; + case Opt_slen: + if (kstrtouint(q, 0, ¶ms->slen)) + return -EINVAL; + break; default: return -EINVAL; }
keyctl pkey_* operations accept enc and hash parameters at present. RSASSA-PSS signatures also require passing in the signature salt length. Add another parameter 'slen' to feed in salt length of a PSS signature. Signed-off-by: Varad Gautam <varad.gautam@suse.com> --- crypto/asymmetric_keys/asymmetric_type.c | 1 + include/linux/keyctl.h | 1 + security/keys/keyctl_pkey.c | 6 ++++++ 3 files changed, 8 insertions(+)