lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YGUCB1jKCPvn60n2@kernel.org>
Date:   Thu, 1 Apr 2021 02:13:11 +0300
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Varad Gautam <varad.gautam@...e.com>
Cc:     linux-crypto@...r.kernel.org, David Howells <dhowells@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        "open list:ASYMMETRIC KEYS" <keyrings@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        "open list:SECURITY SUBSYSTEM" 
        <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in
 PSS salt length

On Tue, Mar 30, 2021 at 10:28:29PM +0200, Varad Gautam wrote:
> keyctl pkey_* operations accept enc and hash parameters at present.
> RSASSA-PSS signatures also require passing in the signature salt
> length.
> 
> Add another parameter 'slen' to feed in salt length of a PSS
> signature.
> 
> Signed-off-by: Varad Gautam <varad.gautam@...e.com>
> ---


Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>

/Jarkko

>  crypto/asymmetric_keys/asymmetric_type.c | 1 +
>  include/linux/keyctl.h                   | 1 +
>  security/keys/keyctl_pkey.c              | 6 ++++++
>  3 files changed, 8 insertions(+)
> 
> diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
> index ad8af3d70ac0..eb2ef4a07f8e 100644
> --- a/crypto/asymmetric_keys/asymmetric_type.c
> +++ b/crypto/asymmetric_keys/asymmetric_type.c
> @@ -571,6 +571,7 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
>  		.hash_algo	= params->hash_algo,
>  		.digest		= (void *)in,
>  		.s		= (void *)in2,
> +		.salt_length	= params->slen,
>  	};
>  
>  	return verify_signature(params->key, &sig);
> diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
> index 5b79847207ef..970c7bed3082 100644
> --- a/include/linux/keyctl.h
> +++ b/include/linux/keyctl.h
> @@ -37,6 +37,7 @@ struct kernel_pkey_params {
>  		__u32	in2_len;	/* 2nd input data size (verify) */
>  	};
>  	enum kernel_pkey_operation op : 8;
> +	__u32		slen;
>  };
>  
>  #endif /* __LINUX_KEYCTL_H */
> diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
> index 5de0d599a274..b54a021e16b1 100644
> --- a/security/keys/keyctl_pkey.c
> +++ b/security/keys/keyctl_pkey.c
> @@ -24,11 +24,13 @@ enum {
>  	Opt_err,
>  	Opt_enc,		/* "enc=<encoding>" eg. "enc=oaep" */
>  	Opt_hash,		/* "hash=<digest-name>" eg. "hash=sha1" */
> +	Opt_slen,		/* "slen=<salt-length>" eg. "slen=32" */
>  };
>  
>  static const match_table_t param_keys = {
>  	{ Opt_enc,	"enc=%s" },
>  	{ Opt_hash,	"hash=%s" },
> +	{ Opt_slen,	"slen=%u" },
>  	{ Opt_err,	NULL }
>  };
>  
> @@ -63,6 +65,10 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params)
>  			params->hash_algo = q;
>  			break;
>  
> +		case Opt_slen:
> +			if (kstrtouint(q, 0, &params->slen))
> +				return -EINVAL;
> +			break;
>  		default:
>  			return -EINVAL;
>  		}
> -- 
> 2.30.2
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ