diff mbox series

[v3,13/18] crypto: rsa-psspad: Get signature parameters from a given signature

Message ID 20210420114124.9684-14-varad.gautam@suse.com
State New
Headers show
Series Implement RSASSA-PSS signature verification | expand

Commit Message

Varad Gautam April 20, 2021, 11:41 a.m. UTC
Implement akcipher_alg->set_sig_params for rsassa-psspad to receive the
salt length and MGF hash function for the signature being verified.

Signed-off-by: Varad Gautam <varad.gautam@suse.com>
---
 crypto/rsa-psspad.c                  | 21 ++++++++++++++++++++-
 include/crypto/internal/rsa-common.h |  2 ++
 2 files changed, 22 insertions(+), 1 deletion(-)

Comments

Herbert Xu May 14, 2021, 10:45 a.m. UTC | #1
On Tue, Apr 20, 2021 at 01:41:18PM +0200, Varad Gautam wrote:
>

> +static int psspad_set_sig_params(struct crypto_akcipher *tfm,

> +				 const void *sig,

> +				 unsigned int siglen)

> +{

> +	struct akcipher_instance *inst = akcipher_alg_instance(tfm);

> +	struct rsapad_inst_ctx *ictx = akcipher_instance_ctx(inst);

> +	const struct public_key_signature *s = sig;

> +

> +	if (!sig)

> +		return -EINVAL;

> +

> +	ictx->salt_len = s->salt_length;

> +	ictx->mgf_hash_algo = s->mgf_hash_algo;


Is there any reason why this couldn't be embedded into the key
instead?

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Varad Gautam July 5, 2021, 9:39 a.m. UTC | #2
Hi Herbert,

On 5/14/21 12:45 PM, Herbert Xu wrote:
> On Tue, Apr 20, 2021 at 01:41:18PM +0200, Varad Gautam wrote:

>>

>> +static int psspad_set_sig_params(struct crypto_akcipher *tfm,

>> +				 const void *sig,

>> +				 unsigned int siglen)

>> +{

>> +	struct akcipher_instance *inst = akcipher_alg_instance(tfm);

>> +	struct rsapad_inst_ctx *ictx = akcipher_instance_ctx(inst);

>> +	const struct public_key_signature *s = sig;

>> +

>> +	if (!sig)

>> +		return -EINVAL;

>> +

>> +	ictx->salt_len = s->salt_length;

>> +	ictx->mgf_hash_algo = s->mgf_hash_algo;

> 

> Is there any reason why this couldn't be embedded into the key

> instead?


Sorry about the delay, do you mean setting these as part of
rsapad_set_pub_key()? 

The same pubkey can be used to verify both PSS and PKCSv1.5 style signatures,
so I don't see the signature params (salt length / mgf hash) being a part
of the pkey state.

Thanks,
Varad

> 

> Thanks,

> 


-- 
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany

HRB 36809, AG Nürnberg
Geschäftsführer: Felix Imendörffer
Dimitri John Ledkov Sept. 20, 2023, 5:12 p.m. UTC | #3
Herbert Xu <herbert@gondor.apana.org.au> writes:
> On Tue, Apr 20, 2021 at 01:41:18PM +0200, Varad Gautam wrote:
>>
>> +static int psspad_set_sig_params(struct crypto_akcipher *tfm,
>> +				 const void *sig,
>> +				 unsigned int siglen)
>> +{
>> +	struct akcipher_instance *inst = akcipher_alg_instance(tfm);
>> +	struct rsapad_inst_ctx *ictx = akcipher_instance_ctx(inst);
>> +	const struct public_key_signature *s = sig;
>> +
>> +	if (!sig)
>> +		return -EINVAL;
>> +
>> +	ictx->salt_len = s->salt_length;
>> +	ictx->mgf_hash_algo = s->mgf_hash_algo;
>
> Is there any reason why this couldn't be embedded into the key
> instead?
>

Whilst is is correct that the same key can be used to verify either
types of signatures, it is best practice to use separate and new keys
in such situations. This prevents compromising key due to any
weaknesses in the one or the other signature types.

Thus imho it does make sense to embed sal_len & hash_algo into the key
instead, and thus only allow PSS signature verification with such a
key. This is common for x509 certs too as used in TLS. (at least this
is my understanding of all of this).

But this is a minor point which can fix now or later.

BTW, this patch series overall look very good to me and I want to use
PSS signatures in my kernel builds. What is the status of merging this
patch series?

Regards,

Dimitri.
diff mbox series

Patch

diff --git a/crypto/rsa-psspad.c b/crypto/rsa-psspad.c
index 40bb6d1dd2067..0a9c0f9e9f0fe 100644
--- a/crypto/rsa-psspad.c
+++ b/crypto/rsa-psspad.c
@@ -9,6 +9,7 @@ 
 #include <crypto/hash.h>
 #include <crypto/internal/akcipher.h>
 #include <crypto/internal/rsa-common.h>
+#include <crypto/public_key.h>
 
 static bool psspad_check_hash_algo(const char *hash_algo)
 {
@@ -52,6 +53,23 @@  static void psspad_free_shash(struct crypto_shash *hash_tfm, struct shash_desc *
 	crypto_free_shash(hash_tfm);
 }
 
+static int psspad_set_sig_params(struct crypto_akcipher *tfm,
+				 const void *sig,
+				 unsigned int siglen)
+{
+	struct akcipher_instance *inst = akcipher_alg_instance(tfm);
+	struct rsapad_inst_ctx *ictx = akcipher_instance_ctx(inst);
+	const struct public_key_signature *s = sig;
+
+	if (!sig)
+		return -EINVAL;
+
+	ictx->salt_len = s->salt_length;
+	ictx->mgf_hash_algo = s->mgf_hash_algo;
+
+	return 0;
+}
+
 static int psspad_s_v_e_d(struct akcipher_request *req)
 {
 	return -EOPNOTSUPP;
@@ -67,7 +85,8 @@  static struct akcipher_alg psspad_alg = {
 	.verify = psspad_s_v_e_d,
 	.set_pub_key = rsapad_set_pub_key,
 	.set_priv_key = rsapad_set_priv_key,
-	.max_size = rsapad_get_max_size
+	.max_size = rsapad_get_max_size,
+	.set_sig_params = psspad_set_sig_params
 };
 
 static int psspad_create(struct crypto_template *tmpl, struct rtattr **tb)
diff --git a/include/crypto/internal/rsa-common.h b/include/crypto/internal/rsa-common.h
index 4fa3cf5a989cc..8b7ba0174d5bf 100644
--- a/include/crypto/internal/rsa-common.h
+++ b/include/crypto/internal/rsa-common.h
@@ -26,6 +26,8 @@  struct rsapad_tfm_ctx {
 struct rsapad_inst_ctx {
 	struct crypto_akcipher_spawn spawn;
 	const struct rsa_asn1_template *digest_info;
+	u16 salt_len;
+	const char *mgf_hash_algo;
 };
 
 struct rsapad_akciper_req_ctx {