* [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS
[not found] <20210420114124.9684-1-varad.gautam@suse.com>
@ 2021-04-20 11:41 ` Varad Gautam
2021-04-20 13:27 ` Ben Boeckel
0 siblings, 1 reply; 2+ messages in thread
From: Varad Gautam @ 2021-04-20 11:41 UTC (permalink / raw)
To: linux-crypto
Cc: varad.gautam, dhowells, herbert, davem, vt, tianjia.zhang,
keyrings, linux-kernel, jarkko, Ben Boeckel, Jonathan Corbet,
James Morris, Serge E. Hallyn, open list:DOCUMENTATION,
open list:SECURITY SUBSYSTEM
keyctl pkey_* operations accept enc and hash parameters at present.
RSASSA-PSS signatures also require passing in the signature salt
length and the mgf hash function.
Add parameters:
- 'saltlen' to feed in salt length of a PSS signature.
- 'mgfhash' to feed in the hash function used for MGF.
Signed-off-by: Varad Gautam <varad.gautam@suse.com>
CC: Jarkko Sakkinen <jarkko@kernel.org>
CC: Ben Boeckel <me@benboeckel.net>
---
v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.
Documentation/security/keys/core.rst | 14 +++++++++++++-
crypto/asymmetric_keys/asymmetric_type.c | 2 ++
include/linux/keyctl.h | 2 ++
security/keys/keyctl_pkey.c | 13 +++++++++++++
4 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index b3ed5c581034c..4bd774c56899e 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -1022,6 +1022,15 @@ The keyctl syscall functions are:
which hash function was used, the hash function can be
specified with this, eg. "hash=sha256".
+ ``mgfhash=<algo>`` In case of "RSASSA-PSS" ("enc=pss"), this specifies
+ the hash function used with the Mask Generation Function
+ to generate a signature, eg. "mgfhash=sha256". Supported
+ hashes are: sha1, sha224, sha256, sha384, and sha512.
+
+ ``saltlen=<salt_length>`` In case of "RSASSA-PSS" ("enc=pss"), this
+ specifies the salt length as a u16, used to generate a
+ signature. Eg. "saltlen=32".
+
The ``__spare[]`` space in the parameter block must be set to 0. This is
intended, amongst other things, to allow the passing of passphrases
required to unlock a key.
@@ -1700,6 +1709,8 @@ The structure has a number of fields, some of which are mandatory:
__u32 in2_len;
};
enum kernel_pkey_operation op : 8;
+ __u16 salt_len;
+ const char *mgf_hash_algo;
};
This includes the key to be used; a string indicating the encoding to use
@@ -1707,7 +1718,8 @@ The structure has a number of fields, some of which are mandatory:
RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
the name of the hash algorithm used to generate the data for a signature
(if appropriate); the sizes of the input and output (or second input)
- buffers; and the ID of the operation to be performed.
+ buffers; the ID of the operation to be performed; salt length to be used
+ in case of RSASSA-PSS; and hash algorithm used with MGF for RSASSA-PSS.
For a given operation ID, the input and output buffers are used as
follows::
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index ad8af3d70ac04..2d3419509ec35 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -571,6 +571,8 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
.hash_algo = params->hash_algo,
.digest = (void *)in,
.s = (void *)in2,
+ .salt_length = params->salt_len,
+ .mgf_hash_algo = params->mgf_hash_algo,
};
return verify_signature(params->key, &sig);
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index 5b79847207ef2..b0122ac6e11c9 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -37,6 +37,8 @@ struct kernel_pkey_params {
__u32 in2_len; /* 2nd input data size (verify) */
};
enum kernel_pkey_operation op : 8;
+ __u16 salt_len;
+ const char *mgf_hash_algo;
};
#endif /* __LINUX_KEYCTL_H */
diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
index 5de0d599a2748..019f112474dcd 100644
--- a/security/keys/keyctl_pkey.c
+++ b/security/keys/keyctl_pkey.c
@@ -24,11 +24,15 @@ enum {
Opt_err,
Opt_enc, /* "enc=<encoding>" eg. "enc=oaep" */
Opt_hash, /* "hash=<digest-name>" eg. "hash=sha1" */
+ Opt_saltlen, /* "saltlen=<salt-length>" eg. "saltlen=32" */
+ Opt_mgfhash, /* "mgfhash=<digest-name>" eg. "mgfhash=sha1" */
};
static const match_table_t param_keys = {
{ Opt_enc, "enc=%s" },
{ Opt_hash, "hash=%s" },
+ { Opt_saltlen, "saltlen=%u" },
+ { Opt_mgfhash, "mgfhash=%s" },
{ Opt_err, NULL }
};
@@ -63,6 +67,15 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params)
params->hash_algo = q;
break;
+ case Opt_saltlen:
+ if (kstrtou16(q, 0, ¶ms->salt_len))
+ return -EINVAL;
+ break;
+
+ case Opt_mgfhash:
+ params->mgf_hash_algo = q;
+ break;
+
default:
return -EINVAL;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS
2021-04-20 11:41 ` [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS Varad Gautam
@ 2021-04-20 13:27 ` Ben Boeckel
0 siblings, 0 replies; 2+ messages in thread
From: Ben Boeckel @ 2021-04-20 13:27 UTC (permalink / raw)
To: Varad Gautam
Cc: linux-crypto, dhowells, herbert, davem, vt, tianjia.zhang,
keyrings, linux-kernel, jarkko, Jonathan Corbet, James Morris,
Serge E. Hallyn, open list:DOCUMENTATION,
open list:SECURITY SUBSYSTEM
On Tue, Apr 20, 2021 at 13:41:23 +0200, Varad Gautam wrote:
> keyctl pkey_* operations accept enc and hash parameters at present.
> RSASSA-PSS signatures also require passing in the signature salt
> length and the mgf hash function.
>
> Add parameters:
> - 'saltlen' to feed in salt length of a PSS signature.
> - 'mgfhash' to feed in the hash function used for MGF.
>
> Signed-off-by: Varad Gautam <varad.gautam@suse.com>
> CC: Jarkko Sakkinen <jarkko@kernel.org>
> CC: Ben Boeckel <me@benboeckel.net>
> ---
> v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.
>
> Documentation/security/keys/core.rst | 14 +++++++++++++-
> crypto/asymmetric_keys/asymmetric_type.c | 2 ++
> include/linux/keyctl.h | 2 ++
> security/keys/keyctl_pkey.c | 13 +++++++++++++
> 4 files changed, 30 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
> index b3ed5c581034c..4bd774c56899e 100644
> --- a/Documentation/security/keys/core.rst
> +++ b/Documentation/security/keys/core.rst
> @@ -1022,6 +1022,15 @@ The keyctl syscall functions are:
> which hash function was used, the hash function can be
> specified with this, eg. "hash=sha256".
>
> + ``mgfhash=<algo>`` In case of "RSASSA-PSS" ("enc=pss"), this specifies
> + the hash function used with the Mask Generation Function
> + to generate a signature, eg. "mgfhash=sha256". Supported
> + hashes are: sha1, sha224, sha256, sha384, and sha512.
> +
> + ``saltlen=<salt_length>`` In case of "RSASSA-PSS" ("enc=pss"), this
> + specifies the salt length as a u16, used to generate a
^
This feels like it is missing a comma at the designated location (after
`length` if the whitespace gets mangled).
> + signature. Eg. "saltlen=32".
> +
> The ``__spare[]`` space in the parameter block must be set to 0. This is
> intended, amongst other things, to allow the passing of passphrases
> required to unlock a key.
> @@ -1700,6 +1709,8 @@ The structure has a number of fields, some of which are mandatory:
> __u32 in2_len;
> };
> enum kernel_pkey_operation op : 8;
> + __u16 salt_len;
> + const char *mgf_hash_algo;
> };
>
> This includes the key to be used; a string indicating the encoding to use
> @@ -1707,7 +1718,8 @@ The structure has a number of fields, some of which are mandatory:
> RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
> the name of the hash algorithm used to generate the data for a signature
> (if appropriate); the sizes of the input and output (or second input)
> - buffers; and the ID of the operation to be performed.
> + buffers; the ID of the operation to be performed; salt length to be used
> + in case of RSASSA-PSS; and hash algorithm used with MGF for RSASSA-PSS.
>
> For a given operation ID, the input and output buffers are used as
> follows::
Thanks for the docs, they look good to me overall. Other than the comma:
Acked-by: Ben Boeckel <mathstuf@gmail.com>
--Ben
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-20 13:27 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20210420114124.9684-1-varad.gautam@suse.com>
2021-04-20 11:41 ` [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS Varad Gautam
2021-04-20 13:27 ` Ben Boeckel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).