Re: [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jarkko Sakkinen <jarkko@kernel.org>
To: Varad Gautam <varad.gautam@suse.com>
Cc: linux-crypto@vger.kernel.org, David Howells <dhowells@redhat.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>,
	"open list:SECURITY SUBSYSTEM" 
	<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length
Date: Thu, 1 Apr 2021 02:13:11 +0300	[thread overview]
Message-ID: <YGUCB1jKCPvn60n2@kernel.org> (raw)
In-Reply-To: <20210330202829.4825-19-varad.gautam@suse.com>

On Tue, Mar 30, 2021 at 10:28:29PM +0200, Varad Gautam wrote:
> keyctl pkey_* operations accept enc and hash parameters at present.
> RSASSA-PSS signatures also require passing in the signature salt
> length.
> 
> Add another parameter 'slen' to feed in salt length of a PSS
> signature.
> 
> Signed-off-by: Varad Gautam <varad.gautam@suse.com>
> ---


Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

/Jarkko

>  crypto/asymmetric_keys/asymmetric_type.c | 1 +
>  include/linux/keyctl.h                   | 1 +
>  security/keys/keyctl_pkey.c              | 6 ++++++
>  3 files changed, 8 insertions(+)
> 
> diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
> index ad8af3d70ac0..eb2ef4a07f8e 100644
> --- a/crypto/asymmetric_keys/asymmetric_type.c
> +++ b/crypto/asymmetric_keys/asymmetric_type.c
> @@ -571,6 +571,7 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
>  		.hash_algo	= params->hash_algo,
>  		.digest		= (void *)in,
>  		.s		= (void *)in2,
> +		.salt_length	= params->slen,
>  	};
>  
>  	return verify_signature(params->key, &sig);
> diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
> index 5b79847207ef..970c7bed3082 100644
> --- a/include/linux/keyctl.h
> +++ b/include/linux/keyctl.h
> @@ -37,6 +37,7 @@ struct kernel_pkey_params {
>  		__u32	in2_len;	/* 2nd input data size (verify) */
>  	};
>  	enum kernel_pkey_operation op : 8;
> +	__u32		slen;
>  };
>  
>  #endif /* __LINUX_KEYCTL_H */
> diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
> index 5de0d599a274..b54a021e16b1 100644
> --- a/security/keys/keyctl_pkey.c
> +++ b/security/keys/keyctl_pkey.c
> @@ -24,11 +24,13 @@ enum {
>  	Opt_err,
>  	Opt_enc,		/* "enc=<encoding>" eg. "enc=oaep" */
>  	Opt_hash,		/* "hash=<digest-name>" eg. "hash=sha1" */
> +	Opt_slen,		/* "slen=<salt-length>" eg. "slen=32" */
>  };
>  
>  static const match_table_t param_keys = {
>  	{ Opt_enc,	"enc=%s" },
>  	{ Opt_hash,	"hash=%s" },
> +	{ Opt_slen,	"slen=%u" },
>  	{ Opt_err,	NULL }
>  };
>  
> @@ -63,6 +65,10 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params)
>  			params->hash_algo = q;
>  			break;
>  
> +		case Opt_slen:
> +			if (kstrtouint(q, 0, &params->slen))
> +				return -EINVAL;
> +			break;
>  		default:
>  			return -EINVAL;
>  		}
> -- 
> 2.30.2
> 
>

     prev parent reply	other threads:[~2021-03-31 23:14 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-30 20:28 [PATCH 00/18] Implement RSASSA-PSS signature verification Varad Gautam
2021-04-01  7:31 ` Varad Gautam
2021-03-30 20:28 ` [PATCH 01/18] X.509: Parse RSASSA-PSS style certificates Varad Gautam
2021-03-31  2:10   ` kernel test robot
2021-03-31  2:10     ` kernel test robot
2021-04-01  1:09   ` Herbert Xu
2021-04-01  7:43     ` Varad Gautam
2021-04-07  8:27   ` hongbo li
2021-04-07 21:20     ` Varad Gautam
     [not found]       ` <CABpmuw+br=4N7OV8KXR7iZosGj7SVKMS=DV_-axgMgsh-+189A@mail.gmail.com>
2021-04-08 14:21         ` Varad Gautam
2021-03-30 20:28 ` [PATCH 02/18] crypto: rsa-pkcs1pad: Rename pkcs1pad-specific functions to rsapad Varad Gautam
2021-03-30 20:28 ` [PATCH 03/18] crypto: rsa-pkcs1pad: Extract pkcs1pad_create into a generic helper Varad Gautam
2021-03-30 20:28 ` [PATCH 04/18] crypto: rsa-pkcs1pad: Pull out child req processing code into helpers Varad Gautam
2021-03-30 20:28 ` [PATCH 05/18] crypto: rsa-pkcs1pad: Rename pkcs1pad_* structs to rsapad_* Varad Gautam
2021-03-30 20:28 ` [PATCH 06/18] crypto: rsa: Start moving RSA common code to rsa-common Varad Gautam
2021-03-30 20:28 ` [PATCH 07/18] crypto: rsa: Move more " Varad Gautam
2021-03-30 20:28 ` [PATCH 08/18] crypto: rsa: Move rsapad_akcipher_setup_child and callback " Varad Gautam
2021-03-30 20:28 ` [PATCH 09/18] crypto: Extend akcipher API to pass signature parameters Varad Gautam
2021-03-30 20:28 ` [PATCH 10/18] crypto: rsa: Move struct rsa_mpi_key definition to rsa.h Varad Gautam
2021-03-30 20:28 ` [PATCH 11/18] crypto: Scaffolding for RSA-PSS signature style Varad Gautam
2021-03-30 20:28 ` [PATCH 12/18] crypto: rsa-psspad: Introduce shash alloc/dealloc helpers Varad Gautam
2021-03-30 20:28 ` [PATCH 13/18] crypto: rsa-psspad: Get signature salt length from a given signature Varad Gautam
2021-03-30 20:28 ` [PATCH 14/18] crypto: Implement MGF1 Mask Generation Function for RSASSA-PSS Varad Gautam
2021-03-30 20:28 ` [PATCH 15/18] crypto: rsa-psspad: Provide PSS signature verify operation Varad Gautam
2021-03-30 20:28 ` [PATCH 16/18] crypto: rsa-psspad: Implement signature verify callback Varad Gautam
2021-03-30 20:28 ` [PATCH 17/18] crypto: Accept pss as valid encoding during signature verification Varad Gautam
2021-03-31 23:14   ` Jarkko Sakkinen
2021-03-30 20:28 ` [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length Varad Gautam
2021-03-31 23:13   ` Jarkko Sakkinen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YGUCB1jKCPvn60n2@kernel.org \
    --to=jarkko@kernel.org \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=varad.gautam@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.