| Message ID | 20210330202829.4825-18-varad.gautam@suse.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Implement RSASSA-PSS signature verification | expand |
On Tue, Mar 30, 2021 at 10:28:28PM +0200, Varad Gautam wrote: > Accept pss encoding for public_key_verify_signature. If > CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will > fail to find a pss backend anyway. > > Signed-off-by: Varad Gautam <varad.gautam@suse.com> > --- Acked-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko > crypto/asymmetric_keys/public_key.c | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) > > diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c > index 788a4ba1e2e7..b9cc83ba7a12 100644 > --- a/crypto/asymmetric_keys/public_key.c > +++ b/crypto/asymmetric_keys/public_key.c > @@ -69,19 +69,20 @@ int software_key_determine_akcipher(const char *encoding, > { > int n; > > - if (strcmp(encoding, "pkcs1") == 0) { > + if (strcmp(encoding, "pkcs1") == 0 || strcmp(encoding, "pss") == 0) { > /* The data wangled by the RSA algorithm is typically padded > * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 > - * sec 8.2]. > + * sec 8.2] or EMSA-PSS [RFC8017 sec 9.1]. > */ > if (!hash_algo) > n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, > - "pkcs1pad(%s)", > + "%spad(%s)", > + encoding, > pkey->pkey_algo); > else > n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, > - "pkcs1pad(%s,%s)", > - pkey->pkey_algo, hash_algo); > + "%spad(%s,%s)", > + encoding, pkey->pkey_algo, hash_algo); > return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; > } > > @@ -363,6 +364,13 @@ int public_key_verify_signature(const struct public_key *pkey, > goto error_free_key; > } > > + if (strcmp(sig->encoding, "pss") == 0) { > + ret = crypto_akcipher_set_sig_params(tfm, sig, sizeof(*sig)); > + if (ret) { > + goto error_free_key; > + } > + } > + > sg_init_table(src_sg, 2); > sg_set_buf(&src_sg[0], sig->s, sig->s_size); > sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); > -- > 2.30.2 > >
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 788a4ba1e2e7..b9cc83ba7a12 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -69,19 +69,20 @@ int software_key_determine_akcipher(const char *encoding, { int n; - if (strcmp(encoding, "pkcs1") == 0) { + if (strcmp(encoding, "pkcs1") == 0 || strcmp(encoding, "pss") == 0) { /* The data wangled by the RSA algorithm is typically padded * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 - * sec 8.2]. + * sec 8.2] or EMSA-PSS [RFC8017 sec 9.1]. */ if (!hash_algo) n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, - "pkcs1pad(%s)", + "%spad(%s)", + encoding, pkey->pkey_algo); else n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, - "pkcs1pad(%s,%s)", - pkey->pkey_algo, hash_algo); + "%spad(%s,%s)", + encoding, pkey->pkey_algo, hash_algo); return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; } @@ -363,6 +364,13 @@ int public_key_verify_signature(const struct public_key *pkey, goto error_free_key; } + if (strcmp(sig->encoding, "pss") == 0) { + ret = crypto_akcipher_set_sig_params(tfm, sig, sizeof(*sig)); + if (ret) { + goto error_free_key; + } + } + sg_init_table(src_sg, 2); sg_set_buf(&src_sg[0], sig->s, sig->s_size); sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
Accept pss encoding for public_key_verify_signature. If CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will fail to find a pss backend anyway. Signed-off-by: Varad Gautam <varad.gautam@suse.com> --- crypto/asymmetric_keys/public_key.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-)