From: Jarkko Sakkinen <jarkko@kernel.org>
To: Varad Gautam <varad.gautam@suse.com>
Cc: linux-crypto@vger.kernel.org, David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 17/18] crypto: Accept pss as valid encoding during signature verification
Date: Thu, 1 Apr 2021 02:14:48 +0300 [thread overview]
Message-ID: <YGUCaNuUFLlrX887@kernel.org> (raw)
In-Reply-To: <20210330202829.4825-18-varad.gautam@suse.com>
On Tue, Mar 30, 2021 at 10:28:28PM +0200, Varad Gautam wrote:
> Accept pss encoding for public_key_verify_signature. If
> CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
> fail to find a pss backend anyway.
>
> Signed-off-by: Varad Gautam <varad.gautam@suse.com>
> ---
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
/Jarkko
> crypto/asymmetric_keys/public_key.c | 18 +++++++++++++-----
> 1 file changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
> index 788a4ba1e2e7..b9cc83ba7a12 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -69,19 +69,20 @@ int software_key_determine_akcipher(const char *encoding,
> {
> int n;
>
> - if (strcmp(encoding, "pkcs1") == 0) {
> + if (strcmp(encoding, "pkcs1") == 0 || strcmp(encoding, "pss") == 0) {
> /* The data wangled by the RSA algorithm is typically padded
> * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
> - * sec 8.2].
> + * sec 8.2] or EMSA-PSS [RFC8017 sec 9.1].
> */
> if (!hash_algo)
> n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> - "pkcs1pad(%s)",
> + "%spad(%s)",
> + encoding,
> pkey->pkey_algo);
> else
> n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> - "pkcs1pad(%s,%s)",
> - pkey->pkey_algo, hash_algo);
> + "%spad(%s,%s)",
> + encoding, pkey->pkey_algo, hash_algo);
> return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
> }
>
> @@ -363,6 +364,13 @@ int public_key_verify_signature(const struct public_key *pkey,
> goto error_free_key;
> }
>
> + if (strcmp(sig->encoding, "pss") == 0) {
> + ret = crypto_akcipher_set_sig_params(tfm, sig, sizeof(*sig));
> + if (ret) {
> + goto error_free_key;
> + }
> + }
> +
> sg_init_table(src_sg, 2);
> sg_set_buf(&src_sg[0], sig->s, sig->s_size);
> sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
> --
> 2.30.2
>
>
next prev parent reply other threads:[~2021-03-31 23:15 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-30 20:28 [PATCH 00/18] Implement RSASSA-PSS signature verification Varad Gautam
2021-04-01 7:31 ` Varad Gautam
2021-03-30 20:28 ` [PATCH 01/18] X.509: Parse RSASSA-PSS style certificates Varad Gautam
2021-03-31 2:10 ` kernel test robot
2021-03-31 2:10 ` kernel test robot
2021-04-01 1:09 ` Herbert Xu
2021-04-01 7:43 ` Varad Gautam
2021-04-07 8:27 ` hongbo li
2021-04-07 21:20 ` Varad Gautam
[not found] ` <CABpmuw+br=4N7OV8KXR7iZosGj7SVKMS=DV_-axgMgsh-+189A@mail.gmail.com>
2021-04-08 14:21 ` Varad Gautam
2021-03-30 20:28 ` [PATCH 02/18] crypto: rsa-pkcs1pad: Rename pkcs1pad-specific functions to rsapad Varad Gautam
2021-03-30 20:28 ` [PATCH 03/18] crypto: rsa-pkcs1pad: Extract pkcs1pad_create into a generic helper Varad Gautam
2021-03-30 20:28 ` [PATCH 04/18] crypto: rsa-pkcs1pad: Pull out child req processing code into helpers Varad Gautam
2021-03-30 20:28 ` [PATCH 05/18] crypto: rsa-pkcs1pad: Rename pkcs1pad_* structs to rsapad_* Varad Gautam
2021-03-30 20:28 ` [PATCH 06/18] crypto: rsa: Start moving RSA common code to rsa-common Varad Gautam
2021-03-30 20:28 ` [PATCH 07/18] crypto: rsa: Move more " Varad Gautam
2021-03-30 20:28 ` [PATCH 08/18] crypto: rsa: Move rsapad_akcipher_setup_child and callback " Varad Gautam
2021-03-30 20:28 ` [PATCH 09/18] crypto: Extend akcipher API to pass signature parameters Varad Gautam
2021-03-30 20:28 ` [PATCH 10/18] crypto: rsa: Move struct rsa_mpi_key definition to rsa.h Varad Gautam
2021-03-30 20:28 ` [PATCH 11/18] crypto: Scaffolding for RSA-PSS signature style Varad Gautam
2021-03-30 20:28 ` [PATCH 12/18] crypto: rsa-psspad: Introduce shash alloc/dealloc helpers Varad Gautam
2021-03-30 20:28 ` [PATCH 13/18] crypto: rsa-psspad: Get signature salt length from a given signature Varad Gautam
2021-03-30 20:28 ` [PATCH 14/18] crypto: Implement MGF1 Mask Generation Function for RSASSA-PSS Varad Gautam
2021-03-30 20:28 ` [PATCH 15/18] crypto: rsa-psspad: Provide PSS signature verify operation Varad Gautam
2021-03-30 20:28 ` [PATCH 16/18] crypto: rsa-psspad: Implement signature verify callback Varad Gautam
2021-03-30 20:28 ` [PATCH 17/18] crypto: Accept pss as valid encoding during signature verification Varad Gautam
2021-03-31 23:14 ` Jarkko Sakkinen [this message]
2021-03-30 20:28 ` [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length Varad Gautam
2021-03-31 23:13 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YGUCaNuUFLlrX887@kernel.org \
--to=jarkko@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=varad.gautam@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.