Re: [PATCH v2 2/2] integrity: Add support for sigv3 verification using ML-DSA keys

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.ibm.com>
To: Stefan Berger <stefanb@linux.ibm.com>,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, roberto.sassu@huawei.com,
	ebiggers@kernel.org
Subject: Re: [PATCH v2 2/2] integrity: Add support for sigv3 verification using ML-DSA keys
Date: Tue, 14 Apr 2026 22:01:49 -0400	[thread overview]
Message-ID: <be3fdb81a322ab96e356e165b737c46f00c12cc3.camel@linux.ibm.com> (raw)
In-Reply-To: <20260408174154.139606-3-stefanb@linux.ibm.com>

On Wed, 2026-04-08 at 13:41 -0400, Stefan Berger wrote:
> Add support for sigv3 signature verification using ML-DSA in pure mode.
> When a sigv3 signature is verified, first check whether the key to use
> for verification is an ML-DSA key and therefore uses a hashless signature
> verification scheme. The hashless signature verification method uses the
> ima_file_id structure directly for signature verification rather than
> its digest.
> 
> Suggested-by: Eric Biggers <ebiggers@kernel.org>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> 

Thanks, Stefan.
> ---
> v2: Set hash_algo in public_key_signature to "none"
> ---
>  security/integrity/digsig_asymmetric.c | 84 ++++++++++++++++++++++++--
>  1 file changed, 79 insertions(+), 5 deletions(-)
> 
> diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
> index e29ed73f15cd..c80cb2b117a6 100644
> --- a/security/integrity/digsig_asymmetric.c
> +++ b/security/integrity/digsig_asymmetric.c
> @@ -190,17 +190,91 @@ static int calc_file_id_hash(enum evm_ima_xattr_type type,
>  	return rc;
>  }
>  
> +/*

kernel-doc starts with "/**".

> + * asymmetric_verify_v3_hashless - Use hashless signature verification on sigv3
> + * @key: The key to use for signature verification
> + * @pk: The associated public key
> + * @encoding: The encoding the key type uses
> + * @sig: The signature
> + * @siglen: The length of the xattr signature
> + * @algo: The hash algorithm
> + * @digest: The file digest
> + *
> + * Create an ima_file_id structure and use it for signature verification
> + * directly. This can be used for ML-DSA in pure mode for example.

Like the comments on 1/2, please add a comment here indicating that all callers
must verify the signature length (siglen) and the public key (pk) is not NULL,
before calling asymmetric_verify_v3_hashless().  Also indicate that the caller
must free the key.

> + */
> +static int asymmetric_verify_v3_hashless(struct key *key,
> +					 const struct public_key *pk,
> +					 const char *encoding,
> +					 const char *sig, int siglen,
> +					 u8 algo,
> +					 const u8 *digest)
> +{
> +	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
> +	struct ima_file_id file_id = {
> +		.hash_type = hdr->type,
> +		.hash_algorithm = algo,
> +	};
> +	size_t digest_size = hash_digest_size[algo];

Defer initializing the digest_size and .m_size, below, until after checking the
hash algorithm is valid. 

> +	struct public_key_signature pks = {
> +		.m = (u8 *)&file_id,
> +		.m_size = sizeof(file_id) - (HASH_MAX_DIGESTSIZE - digest_size),
> +		.s = hdr->sig,
> +		.s_size = siglen - sizeof(*hdr),
> +		.pkey_algo = pk->pkey_algo,
> +		.hash_algo = "none",
> +		.encoding = encoding,
> +	};
> +	int ret;
> +
> +	if (hdr->type != IMA_VERITY_DIGSIG &&
> +	    hdr->type != EVM_IMA_XATTR_DIGSIG &&
> +	    hdr->type != EVM_XATTR_PORTABLE_DIGSIG)
> +		return -EINVAL;
> +
> +	if (pks.s_size != be16_to_cpu(hdr->sig_size))
> +		return -EBADMSG;
> +
> +	memcpy(file_id.hash, digest, digest_size);

First check the hash algorithm is valid, before using digest_size.

> +
> +	ret = verify_signature(key, &pks);
> +	pr_debug("%s() = %d\n", __func__, ret);
> +	return ret;
> +}
> +
>  int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen,
>  			 const char *data, int datalen, u8 algo)
>  {
>  	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
>  	struct ima_max_digest_data hash;
> +	const struct public_key *pk;
> +	struct key *key;
>  	int rc;
>  
> -	rc = calc_file_id_hash(hdr->type, algo, data, &hash);
> -	if (rc)
> -		return -EINVAL;
> +	if (siglen <= sizeof(*hdr))
> +		return -EBADMSG;
> +
> +	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
> +	if (IS_ERR(key))
> +		return PTR_ERR(key);
>  
> -	return asymmetric_verify(keyring, sig, siglen, hash.digest,
> -				 hash.hdr.length);
> +	pk = asymmetric_key_public_key(key);

Please add a test to check that 'pk' isn't null.

> +	if (!strncmp(pk->pkey_algo, "mldsa", 5)) {
> +		rc = asymmetric_verify_v3_hashless(key, pk, "raw",
> +						   sig, siglen, algo, data);
> +	} else {
> +		rc = calc_file_id_hash(hdr->type, algo, data, &hash);
> +		if (rc) {
> +			rc = -EINVAL;
> +			goto err_exit;
> +		}
> +
> +		rc = asymmetric_verify_common(key, pk, sig, siglen, hash.digest,
> +					      hash.hdr.length);
> +	}
> +
> +err_exit:

Normally a label named 'err*' would be preceded by a return.  Here, the label
"err_exit" is always called, not only when there is an error.  Please rename the
label to something more appropriate - out, cleanup, etc.

> +	key_put(key);
> +
> +	return rc;
>  }

thanks,

Mimi

next prev parent reply	other threads:[~2026-04-15  2:07 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-08 17:41 [PATCH v2 0/2] Add support for ML-DSA signature for EVM and IMA Stefan Berger
2026-04-08 17:41 ` [PATCH v2 1/2] integrity: Refactor asymmetric_verify for reusability Stefan Berger
2026-04-15  2:00   ` Mimi Zohar
2026-04-15 20:15     ` Stefan Berger
2026-04-08 17:41 ` [PATCH v2 2/2] integrity: Add support for sigv3 verification using ML-DSA keys Stefan Berger
2026-04-15  2:01   ` Mimi Zohar [this message]
2026-04-15 20:32     ` Stefan Berger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=be3fdb81a322ab96e356e165b737c46f00c12cc3.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=ebiggers@kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=roberto.sassu@huawei.com \
    --cc=stefanb@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.