Re: [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS

From: Ben Boeckel <me@benboeckel.net>
To: Varad Gautam <varad.gautam@suse.com>
Cc: linux-crypto@vger.kernel.org, dhowells@redhat.com,
	herbert@gondor.apana.org.au, davem@davemloft.net,
	vt@altlinux.org, tianjia.zhang@linux.alibaba.com,
	keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
	jarkko@kernel.org, Jonathan Corbet <corbet@lwn.net>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
	"open list:SECURITY SUBSYSTEM" 
	<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS
Date: Tue, 20 Apr 2021 09:27:05 -0400	[thread overview]
Message-ID: <YH7WqfjNo33vI0VM@erythro> (raw)
In-Reply-To: <20210420114124.9684-19-varad.gautam@suse.com>

On Tue, Apr 20, 2021 at 13:41:23 +0200, Varad Gautam wrote:
> keyctl pkey_* operations accept enc and hash parameters at present.
> RSASSA-PSS signatures also require passing in the signature salt
> length and the mgf hash function.
> 
> Add parameters:
> - 'saltlen' to feed in salt length of a PSS signature.
> - 'mgfhash' to feed in the hash function used for MGF.
> 
> Signed-off-by: Varad Gautam <varad.gautam@suse.com>
> CC: Jarkko Sakkinen <jarkko@kernel.org>
> CC: Ben Boeckel <me@benboeckel.net>
> ---
> v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.
> 
>  Documentation/security/keys/core.rst     | 14 +++++++++++++-
>  crypto/asymmetric_keys/asymmetric_type.c |  2 ++
>  include/linux/keyctl.h                   |  2 ++
>  security/keys/keyctl_pkey.c              | 13 +++++++++++++
>  4 files changed, 30 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
> index b3ed5c581034c..4bd774c56899e 100644
> --- a/Documentation/security/keys/core.rst
> +++ b/Documentation/security/keys/core.rst
> @@ -1022,6 +1022,15 @@ The keyctl syscall functions are:
>  			which hash function was used, the hash function can be
>  			specified with this, eg. "hash=sha256".
>  
> +	``mgfhash=<algo>`` In case of "RSASSA-PSS" ("enc=pss"), this specifies
> +			the hash function used with the Mask Generation Function
> +			to generate a signature, eg. "mgfhash=sha256". Supported
> +			hashes are: sha1, sha224, sha256, sha384, and sha512.
> +
> +	``saltlen=<salt_length>`` In case of "RSASSA-PSS" ("enc=pss"), this
> +			specifies the salt length as a u16, used to generate a
                                                ^

This feels like it is missing a comma at the designated location (after
`length` if the whitespace gets mangled).

> +			signature. Eg. "saltlen=32".
> +
>       The ``__spare[]`` space in the parameter block must be set to 0.  This is
>       intended, amongst other things, to allow the passing of passphrases
>       required to unlock a key.
> @@ -1700,6 +1709,8 @@ The structure has a number of fields, some of which are mandatory:
>  			__u32	in2_len;
>  		};
>  		enum kernel_pkey_operation op : 8;
> +		__u16		salt_len;
> +		const char	*mgf_hash_algo;
>  	};
>  
>       This includes the key to be used; a string indicating the encoding to use
> @@ -1707,7 +1718,8 @@ The structure has a number of fields, some of which are mandatory:
>       RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
>       the name of the hash algorithm used to generate the data for a signature
>       (if appropriate); the sizes of the input and output (or second input)
> -     buffers; and the ID of the operation to be performed.
> +     buffers; the ID of the operation to be performed; salt length to be used
> +     in case of RSASSA-PSS; and hash algorithm used with MGF for RSASSA-PSS.
>  
>       For a given operation ID, the input and output buffers are used as
>       follows::

Thanks for the docs, they look good to me overall. Other than the comma:

    Acked-by: Ben Boeckel <mathstuf@gmail.com>

--Ben