[PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS

Varad Gautam Tue, 20 Apr 2021 04:47:21 -0700

keyctl pkey_* operations accept enc and hash parameters at present.
RSASSA-PSS signatures also require passing in the signature salt
length and the mgf hash function.


Add parameters:
- 'saltlen' to feed in salt length of a PSS signature.
- 'mgfhash' to feed in the hash function used for MGF.

Signed-off-by: Varad Gautam <varad.gau...@suse.com>
CC: Jarkko Sakkinen <jar...@kernel.org>
CC: Ben Boeckel <m...@benboeckel.net>
---
v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.

 Documentation/security/keys/core.rst     | 14 +++++++++++++-
 crypto/asymmetric_keys/asymmetric_type.c |  2 ++
 include/linux/keyctl.h                   |  2 ++
 security/keys/keyctl_pkey.c              | 13 +++++++++++++
 4 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/Documentation/security/keys/core.rst 
b/Documentation/security/keys/core.rst
index b3ed5c581034c..4bd774c56899e 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -1022,6 +1022,15 @@ The keyctl syscall functions are:
                        which hash function was used, the hash function can be
                        specified with this, eg. "hash=sha256".
 
+       ``mgfhash=<algo>`` In case of "RSASSA-PSS" ("enc=pss"), this specifies
+                       the hash function used with the Mask Generation Function
+                       to generate a signature, eg. "mgfhash=sha256". Supported
+                       hashes are: sha1, sha224, sha256, sha384, and sha512.
+
+       ``saltlen=<salt_length>`` In case of "RSASSA-PSS" ("enc=pss"), this
+                       specifies the salt length as a u16, used to generate a
+                       signature. Eg. "saltlen=32".
+
      The ``__spare[]`` space in the parameter block must be set to 0.  This is
      intended, amongst other things, to allow the passing of passphrases
      required to unlock a key.
@@ -1700,6 +1709,8 @@ The structure has a number of fields, some of which are 
mandatory:
                        __u32   in2_len;
                };
                enum kernel_pkey_operation op : 8;
+               __u16           salt_len;
+               const char      *mgf_hash_algo;
        };
 
      This includes the key to be used; a string indicating the encoding to use
@@ -1707,7 +1718,8 @@ The structure has a number of fields, some of which are 
mandatory:
      RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
      the name of the hash algorithm used to generate the data for a signature
      (if appropriate); the sizes of the input and output (or second input)
-     buffers; and the ID of the operation to be performed.
+     buffers; the ID of the operation to be performed; salt length to be used
+     in case of RSASSA-PSS; and hash algorithm used with MGF for RSASSA-PSS.
 
      For a given operation ID, the input and output buffers are used as
      follows::
diff --git a/crypto/asymmetric_keys/asymmetric_type.c 
b/crypto/asymmetric_keys/asymmetric_type.c
index ad8af3d70ac04..2d3419509ec35 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -571,6 +571,8 @@ static int asymmetric_key_verify_signature(struct 
kernel_pkey_params *params,
                .hash_algo      = params->hash_algo,
                .digest         = (void *)in,
                .s              = (void *)in2,
+               .salt_length    = params->salt_len,
+               .mgf_hash_algo  = params->mgf_hash_algo,
        };
 
        return verify_signature(params->key, &sig);
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index 5b79847207ef2..b0122ac6e11c9 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -37,6 +37,8 @@ struct kernel_pkey_params {
                __u32   in2_len;        /* 2nd input data size (verify) */
        };
        enum kernel_pkey_operation op : 8;
+       __u16           salt_len;
+       const char      *mgf_hash_algo;
 };
 
 #endif /* __LINUX_KEYCTL_H */
diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
index 5de0d599a2748..019f112474dcd 100644
--- a/security/keys/keyctl_pkey.c
+++ b/security/keys/keyctl_pkey.c
@@ -24,11 +24,15 @@ enum {
        Opt_err,
        Opt_enc,                /* "enc=<encoding>" eg. "enc=oaep" */
        Opt_hash,               /* "hash=<digest-name>" eg. "hash=sha1" */
+       Opt_saltlen,            /* "saltlen=<salt-length>" eg. "saltlen=32" */
+       Opt_mgfhash,            /* "mgfhash=<digest-name>" eg. "mgfhash=sha1" */
 };
 
 static const match_table_t param_keys = {
        { Opt_enc,      "enc=%s" },
        { Opt_hash,     "hash=%s" },
+       { Opt_saltlen,  "saltlen=%u" },
+       { Opt_mgfhash,  "mgfhash=%s" },
        { Opt_err,      NULL }
 };
 
@@ -63,6 +67,15 @@ static int keyctl_pkey_params_parse(struct 
kernel_pkey_params *params)
                        params->hash_algo = q;
                        break;
 
+               case Opt_saltlen:
+                       if (kstrtou16(q, 0, &params->salt_len))
+                               return -EINVAL;
+                       break;
+
+               case Opt_mgfhash:
+                       params->mgf_hash_algo = q;
+                       break;
+
                default:
                        return -EINVAL;
                }
-- 
2.30.2

[PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS

Reply via email to