From: Varad Gautam <varad.gautam@suse.com>
To: linux-crypto@vger.kernel.org
Cc: Varad Gautam <varad.gautam@suse.com>,
David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
keyrings@vger.kernel.org (open list:ASYMMETRIC KEYS),
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH 17/18] crypto: Accept pss as valid encoding during signature verification
Date: Tue, 30 Mar 2021 22:28:28 +0200 [thread overview]
Message-ID: <20210330202829.4825-18-varad.gautam@suse.com> (raw)
In-Reply-To: <20210330202829.4825-1-varad.gautam@suse.com>
Accept pss encoding for public_key_verify_signature. If
CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
fail to find a pss backend anyway.
Signed-off-by: Varad Gautam <varad.gautam@suse.com>
---
crypto/asymmetric_keys/public_key.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 788a4ba1e2e7..b9cc83ba7a12 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -69,19 +69,20 @@ int software_key_determine_akcipher(const char *encoding,
{
int n;
- if (strcmp(encoding, "pkcs1") == 0) {
+ if (strcmp(encoding, "pkcs1") == 0 || strcmp(encoding, "pss") == 0) {
/* The data wangled by the RSA algorithm is typically padded
* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
- * sec 8.2].
+ * sec 8.2] or EMSA-PSS [RFC8017 sec 9.1].
*/
if (!hash_algo)
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
- "pkcs1pad(%s)",
+ "%spad(%s)",
+ encoding,
pkey->pkey_algo);
else
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
- "pkcs1pad(%s,%s)",
- pkey->pkey_algo, hash_algo);
+ "%spad(%s,%s)",
+ encoding, pkey->pkey_algo, hash_algo);
return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
}
@@ -363,6 +364,13 @@ int public_key_verify_signature(const struct public_key *pkey,
goto error_free_key;
}
+ if (strcmp(sig->encoding, "pss") == 0) {
+ ret = crypto_akcipher_set_sig_params(tfm, sig, sizeof(*sig));
+ if (ret) {
+ goto error_free_key;
+ }
+ }
+
sg_init_table(src_sg, 2);
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
--
2.30.2
next prev parent reply other threads:[~2021-03-30 20:32 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-30 20:28 [PATCH 00/18] Implement RSASSA-PSS signature verification Varad Gautam
2021-03-30 20:28 ` [PATCH 01/18] X.509: Parse RSASSA-PSS style certificates Varad Gautam
2021-03-31 2:10 ` kernel test robot
2021-04-01 1:09 ` Herbert Xu
2021-04-01 7:43 ` Varad Gautam
2021-04-07 8:27 ` hongbo li
2021-04-07 21:20 ` Varad Gautam
[not found] ` <CABpmuw+br=4N7OV8KXR7iZosGj7SVKMS=DV_-axgMgsh-+189A@mail.gmail.com>
2021-04-08 14:21 ` Varad Gautam
2021-03-30 20:28 ` [PATCH 02/18] crypto: rsa-pkcs1pad: Rename pkcs1pad-specific functions to rsapad Varad Gautam
2021-03-30 20:28 ` [PATCH 03/18] crypto: rsa-pkcs1pad: Extract pkcs1pad_create into a generic helper Varad Gautam
2021-03-30 20:28 ` [PATCH 04/18] crypto: rsa-pkcs1pad: Pull out child req processing code into helpers Varad Gautam
2021-03-30 20:28 ` [PATCH 05/18] crypto: rsa-pkcs1pad: Rename pkcs1pad_* structs to rsapad_* Varad Gautam
2021-03-30 20:28 ` [PATCH 06/18] crypto: rsa: Start moving RSA common code to rsa-common Varad Gautam
2021-03-30 20:28 ` [PATCH 07/18] crypto: rsa: Move more " Varad Gautam
2021-03-30 20:28 ` [PATCH 08/18] crypto: rsa: Move rsapad_akcipher_setup_child and callback " Varad Gautam
2021-03-30 20:28 ` [PATCH 09/18] crypto: Extend akcipher API to pass signature parameters Varad Gautam
2021-03-30 20:28 ` [PATCH 10/18] crypto: rsa: Move struct rsa_mpi_key definition to rsa.h Varad Gautam
2021-03-30 20:28 ` [PATCH 11/18] crypto: Scaffolding for RSA-PSS signature style Varad Gautam
2021-03-30 20:28 ` [PATCH 12/18] crypto: rsa-psspad: Introduce shash alloc/dealloc helpers Varad Gautam
2021-03-30 20:28 ` [PATCH 13/18] crypto: rsa-psspad: Get signature salt length from a given signature Varad Gautam
2021-03-30 20:28 ` [PATCH 14/18] crypto: Implement MGF1 Mask Generation Function for RSASSA-PSS Varad Gautam
2021-03-30 20:28 ` [PATCH 15/18] crypto: rsa-psspad: Provide PSS signature verify operation Varad Gautam
2021-03-30 20:28 ` [PATCH 16/18] crypto: rsa-psspad: Implement signature verify callback Varad Gautam
2021-03-30 20:28 ` Varad Gautam [this message]
2021-03-31 23:14 ` [PATCH 17/18] crypto: Accept pss as valid encoding during signature verification Jarkko Sakkinen
2021-03-30 20:28 ` [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length Varad Gautam
2021-03-31 23:13 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210330202829.4825-18-varad.gautam@suse.com \
--to=varad.gautam@suse.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).