| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210408141516.11369-19-varad.gautam@suse.com>
Date: Thu, 8 Apr 2021 16:15:16 +0200
From: Varad Gautam <varad.gautam@...e.com>
To: linux-crypto@...r.kernel.org
CC: varad.gautam@...e.com, dhowells@...hat.com,
herbert@...dor.apana.org.au, davem@...emloft.net, vt@...linux.org,
tianjia.zhang@...ux.alibaba.com, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org, jarkko@...nel.org,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
linux-security-module@...r.kernel.org (open list:SECURITY SUBSYSTEM)
Subject: [PATCH v2 18/18] keyctl_pkey: Add pkey parameters slen and mgfhash for PSS
keyctl pkey_* operations accept enc and hash parameters at present.
RSASSA-PSS signatures also require passing in the signature salt
length and the mgf hash function.
Add parameters:
- 'slen' to feed in salt length of a PSS signature.
- 'mgfhash' to feed in the hash function used for MGF.
Signed-off-by: Varad Gautam <varad.gautam@...e.com>
CC: Jarkko Sakkinen <jarkko@...nel.org>
---
v2: Accept 'mgfhash' as a parameter. v1 assumed this to be the same
as the digest hash.
crypto/asymmetric_keys/asymmetric_type.c | 2 ++
include/linux/keyctl.h | 2 ++
security/keys/keyctl_pkey.c | 13 +++++++++++++
3 files changed, 17 insertions(+)
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index ad8af3d70ac04..72c1bf964826f 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -571,6 +571,8 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
.hash_algo = params->hash_algo,
.digest = (void *)in,
.s = (void *)in2,
+ .salt_length = params->slen,
+ .mgf_hash_algo = params->mgf_hash_algo,
};
return verify_signature(params->key, &sig);
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index 5b79847207ef2..753d004d76ece 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -37,6 +37,8 @@ struct kernel_pkey_params {
__u32 in2_len; /* 2nd input data size (verify) */
};
enum kernel_pkey_operation op : 8;
+ __u32 slen;
+ const char *mgf_hash_algo;
};
#endif /* __LINUX_KEYCTL_H */
diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
index 5de0d599a2748..ae3a81c726322 100644
--- a/security/keys/keyctl_pkey.c
+++ b/security/keys/keyctl_pkey.c
@@ -24,11 +24,15 @@ enum {
Opt_err,
Opt_enc, /* "enc=<encoding>" eg. "enc=oaep" */
Opt_hash, /* "hash=<digest-name>" eg. "hash=sha1" */
+ Opt_slen, /* "slen=<salt-length>" eg. "slen=32" */
+ Opt_mgfhash, /* "mgfhash=<digest-name>" eg. "mgfhash=sha1" */
};
static const match_table_t param_keys = {
{ Opt_enc, "enc=%s" },
{ Opt_hash, "hash=%s" },
+ { Opt_slen, "slen=%u" },
+ { Opt_mgfhash, "mgfhash=%s" },
{ Opt_err, NULL }
};
@@ -63,6 +67,15 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params)
params->hash_algo = q;
break;
+ case Opt_slen:
+ if (kstrtouint(q, 0, ¶ms->slen))
+ return -EINVAL;
+ break;
+
+ case Opt_mgfhash:
+ params->mgf_hash_algo = q;
+ break;
+
default:
return -EINVAL;
}
--
2.30.2
Powered by blists - more mailing lists