From: Ben Boeckel <me@benboeckel.net>
To: Varad Gautam <varad.gautam@suse.com>
Cc: linux-crypto@vger.kernel.org, dhowells@redhat.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
vt@altlinux.org, tianjia.zhang@linux.alibaba.com,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
jarkko@kernel.org, Jonathan Corbet <corbet@lwn.net>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS
Date: Tue, 20 Apr 2021 09:27:05 -0400 [thread overview]
Message-ID: <YH7WqfjNo33vI0VM@erythro> (raw)
In-Reply-To: <20210420114124.9684-19-varad.gautam@suse.com>
On Tue, Apr 20, 2021 at 13:41:23 +0200, Varad Gautam wrote:
> keyctl pkey_* operations accept enc and hash parameters at present.
> RSASSA-PSS signatures also require passing in the signature salt
> length and the mgf hash function.
>
> Add parameters:
> - 'saltlen' to feed in salt length of a PSS signature.
> - 'mgfhash' to feed in the hash function used for MGF.
>
> Signed-off-by: Varad Gautam <varad.gautam@suse.com>
> CC: Jarkko Sakkinen <jarkko@kernel.org>
> CC: Ben Boeckel <me@benboeckel.net>
> ---
> v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.
>
> Documentation/security/keys/core.rst | 14 +++++++++++++-
> crypto/asymmetric_keys/asymmetric_type.c | 2 ++
> include/linux/keyctl.h | 2 ++
> security/keys/keyctl_pkey.c | 13 +++++++++++++
> 4 files changed, 30 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
> index b3ed5c581034c..4bd774c56899e 100644
> --- a/Documentation/security/keys/core.rst
> +++ b/Documentation/security/keys/core.rst
> @@ -1022,6 +1022,15 @@ The keyctl syscall functions are:
> which hash function was used, the hash function can be
> specified with this, eg. "hash=sha256".
>
> + ``mgfhash=<algo>`` In case of "RSASSA-PSS" ("enc=pss"), this specifies
> + the hash function used with the Mask Generation Function
> + to generate a signature, eg. "mgfhash=sha256". Supported
> + hashes are: sha1, sha224, sha256, sha384, and sha512.
> +
> + ``saltlen=<salt_length>`` In case of "RSASSA-PSS" ("enc=pss"), this
> + specifies the salt length as a u16, used to generate a
^
This feels like it is missing a comma at the designated location (after
`length` if the whitespace gets mangled).
> + signature. Eg. "saltlen=32".
> +
> The ``__spare[]`` space in the parameter block must be set to 0. This is
> intended, amongst other things, to allow the passing of passphrases
> required to unlock a key.
> @@ -1700,6 +1709,8 @@ The structure has a number of fields, some of which are mandatory:
> __u32 in2_len;
> };
> enum kernel_pkey_operation op : 8;
> + __u16 salt_len;
> + const char *mgf_hash_algo;
> };
>
> This includes the key to be used; a string indicating the encoding to use
> @@ -1707,7 +1718,8 @@ The structure has a number of fields, some of which are mandatory:
> RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
> the name of the hash algorithm used to generate the data for a signature
> (if appropriate); the sizes of the input and output (or second input)
> - buffers; and the ID of the operation to be performed.
> + buffers; the ID of the operation to be performed; salt length to be used
> + in case of RSASSA-PSS; and hash algorithm used with MGF for RSASSA-PSS.
>
> For a given operation ID, the input and output buffers are used as
> follows::
Thanks for the docs, they look good to me overall. Other than the comma:
Acked-by: Ben Boeckel <mathstuf@gmail.com>
--Ben
prev parent reply other threads:[~2021-04-20 13:27 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20210420114124.9684-1-varad.gautam@suse.com>
2021-04-20 11:41 ` [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS Varad Gautam
2021-04-20 13:27 ` Ben Boeckel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YH7WqfjNo33vI0VM@erythro \
--to=me@benboeckel.net \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=tianjia.zhang@linux.alibaba.com \
--cc=varad.gautam@suse.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).