From: David Howells <dhowells@redhat.com>
To: Lukas Wunner <lukas@wunner.de>, Ignat Korchagin <ignat@cloudflare.com>
Cc: David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@kernel.org>,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Daniel Gomez <da.gomez@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Ard Biesheuvel <ardb@kernel.org>,
Stephan Mueller <smueller@chronox.de>,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v13 09/12] modsign: Enable RSASSA-PSS module signing
Date: Tue, 20 Jan 2026 14:50:55 +0000 [thread overview]
Message-ID: <20260120145103.1176337-10-dhowells@redhat.com> (raw)
In-Reply-To: <20260120145103.1176337-1-dhowells@redhat.com>
Add support for RSASSA-PSS signatures (RFC8017) for use with module signing
and other public key cryptography done by the kernel.
Note that only signature verification is supported by the kernel.
Note further that this alters some of the same code as the MLDSA support,
so that needs to be applied first to avoid conflicts.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Ignat Korchagin <ignat@cloudflare.com>
cc: Lukas Wunner <lukas@wunner.de>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
---
Documentation/admin-guide/module-signing.rst | 5 ++-
certs/Kconfig | 6 +++
certs/Makefile | 1 +
scripts/sign-file.c | 39 +++++++++++++++++++-
4 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
index 7f2f127dc76f..aa24715cd2d8 100644
--- a/Documentation/admin-guide/module-signing.rst
+++ b/Documentation/admin-guide/module-signing.rst
@@ -32,8 +32,9 @@ type. The built-in facility currently only supports the RSA, NIST P-384 ECDSA
and NIST FIPS-204 ML-DSA public key signing standards (though it is pluggable
and permits others to be used). For RSA and ECDSA, the possible hash
algorithms that can be used are SHA-2 and SHA-3 of sizes 256, 384, and 512 (the
-algorithm is selected by data in the signature); ML-DSA does its own hashing,
-but is allowed to be used with a SHA512 hash for signed attributes.
+algorithm is selected by data in the signature); RSASSA-PSS is allowed to use
+SHA512 only; ML-DSA does its own hashing, but is allowed to be used with a
+SHA512 hash for signed attributes.
==========================
diff --git a/certs/Kconfig b/certs/Kconfig
index 67a5786423b5..524d1747c541 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -27,6 +27,12 @@ config MODULE_SIG_KEY_TYPE_RSA
help
Use an RSA key for module signing.
+config MODULE_SIG_KEY_TYPE_RSASSA_PSS
+ bool "RSASSA-PSS"
+ select CRYPTO_RSA
+ help
+ Use an RSASSA-PSS key for module signing.
+
config MODULE_SIG_KEY_TYPE_ECDSA
bool "ECDSA"
select CRYPTO_ECDSA
diff --git a/certs/Makefile b/certs/Makefile
index 3ee1960f9f4a..3b5a3a303f4c 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -42,6 +42,7 @@ targets += x509_certificate_list
# boolean option and we unfortunately can't make it depend on !RANDCONFIG.
ifeq ($(CONFIG_MODULE_SIG_KEY),certs/signing_key.pem)
+keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_RSASSA_PSS) := -newkey rsassa-pss
keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_curve:secp384r1
keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_MLDSA_44) := -newkey ml-dsa-44
keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_MLDSA_65) := -newkey ml-dsa-65
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 547b97097230..800e2e2e36c3 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -233,6 +233,7 @@ int main(int argc, char **argv)
EVP_PKEY *private_key;
#ifndef USE_PKCS7
CMS_ContentInfo *cms = NULL;
+ CMS_SignerInfo *signer;
unsigned int use_keyid = 0;
#else
PKCS7 *pkcs7 = NULL;
@@ -338,12 +339,46 @@ int main(int argc, char **argv)
flags |= use_signed_attrs;
+ if (EVP_PKEY_is_a(private_key, "RSASSA-PSS")) {
+ EVP_PKEY_CTX *pkctx;
+ char mdname[1024] = {};
+
+ pkctx = EVP_PKEY_CTX_new(private_key, NULL);
+
+ ERR(!EVP_PKEY_sign_init(pkctx), "EVP_PKEY_sign_init");
+ ERR(!EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING),
+ "EVP_PKEY_CTX_set_rsa_padding");
+ ERR(!EVP_PKEY_CTX_set_rsa_mgf1_md_name(pkctx, hash_algo, NULL),
+ "EVP_PKEY_CTX_set_rsa_mgf1_md_name");
+
+ ERR(!EVP_PKEY_CTX_get_rsa_mgf1_md_name(pkctx, mdname, sizeof(mdname)),
+ "EVP_PKEY_CTX_get_rsa_mgf1_md_name");
+ printf("RSASSA-PSS %s\n", mdname);
+ flags |= CMS_KEY_PARAM;
+ }
+
/* Load the signature message from the digest buffer. */
cms = CMS_sign(NULL, NULL, NULL, NULL, flags);
ERR(!cms, "CMS_sign");
- ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, flags),
- "CMS_add1_signer");
+ signer = CMS_add1_signer(cms, x509, private_key, digest_algo, flags);
+ ERR(!signer, "CMS_add1_signer");
+
+ if (EVP_PKEY_is_a(private_key, "RSASSA-PSS")) {
+ EVP_PKEY_CTX *pkctx;
+ char mdname[1024] = {};
+
+ pkctx = CMS_SignerInfo_get0_pkey_ctx(signer);
+ ERR(!EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING),
+ "EVP_PKEY_CTX_set_rsa_padding");
+ ERR(!EVP_PKEY_CTX_set_rsa_mgf1_md_name(pkctx, hash_algo, NULL),
+ "EVP_PKEY_CTX_set_rsa_mgf1_md_name");
+
+ ERR(!EVP_PKEY_CTX_get_rsa_mgf1_md_name(pkctx, mdname, sizeof(mdname)),
+ "EVP_PKEY_CTX_get_rsa_mgf1_md_name");
+ printf("RSASSA-PSS %s\n", mdname);
+ }
+
ERR(CMS_final(cms, bm, NULL, flags) != 1,
"CMS_final");
next prev parent reply other threads:[~2026-01-20 14:52 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-20 14:50 [PATCH v13 00/12] x509, pkcs7, crypto: Add ML-DSA and RSASSA-PSS signing David Howells
2026-01-20 14:50 ` [PATCH v13 01/12] crypto: Add ML-DSA crypto_sig support David Howells
2026-01-20 17:37 ` Jarkko Sakkinen
2026-01-20 20:52 ` Eric Biggers
2026-01-20 14:50 ` [PATCH v13 02/12] pkcs7: Allow the signing algo to calculate the digest itself David Howells
2026-01-20 17:53 ` Jarkko Sakkinen
2026-01-21 12:31 ` David Howells
2026-01-24 11:46 ` Jarkko Sakkinen
2026-01-20 21:12 ` Eric Biggers
2026-01-23 11:37 ` David Howells
2026-01-20 14:50 ` [PATCH v13 03/12] pkcs7: Allow direct signing of data with ML-DSA David Howells
2026-01-20 14:50 ` [PATCH v13 04/12] pkcs7, x509: Add ML-DSA support David Howells
2026-01-20 21:17 ` Eric Biggers
2026-01-20 14:50 ` [PATCH v13 05/12] modsign: Enable ML-DSA module signing David Howells
2026-01-20 21:38 ` Eric Biggers
2026-01-21 14:21 ` David Howells
2026-01-20 14:50 ` [PATCH v13 06/12] crypto: Add supplementary info param to asymmetric key signature verification David Howells
2026-01-20 14:50 ` [PATCH v13 07/12] crypto: Add RSASSA-PSS support David Howells
2026-01-20 22:41 ` Eric Biggers
2026-01-20 23:15 ` David Howells
2026-01-20 23:36 ` Eric Biggers
2026-01-21 8:11 ` Ignat Korchagin
2026-01-21 2:14 ` Eric Biggers
2026-01-21 8:15 ` Ignat Korchagin
2026-01-20 14:50 ` [PATCH v13 08/12] pkcs7, x509: " David Howells
2026-01-20 14:50 ` David Howells [this message]
2026-01-20 14:50 ` [PATCH v13 10/12] pkcs7: Add FIPS selftest for RSASSA-PSS David Howells
2026-01-20 14:50 ` [PATCH v13 11/12] x509, pkcs7: Limit crypto combinations that may be used for module signing David Howells
2026-01-20 18:31 ` Ignat Korchagin
2026-01-20 18:54 ` David Howells
2026-01-20 21:51 ` Vitaly Chikunov
2026-01-20 23:18 ` David Howells
2026-01-20 22:14 ` Eric Biggers
2026-01-20 14:50 ` [PATCH v13 12/12] pkcs7: Add ML-DSA FIPS selftest David Howells
2026-01-20 17:54 ` Jarkko Sakkinen
2026-01-20 17:55 ` Jarkko Sakkinen
2026-01-20 21:43 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260120145103.1176337-10-dhowells@redhat.com \
--to=dhowells@redhat.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=da.gomez@kernel.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@cloudflare.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=mcgrof@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=samitolvanen@google.com \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox