[PATCH v3 17/18] crypto: Accept pss as valid encoding during signature verification

From: Varad Gautam
Date: Tue Apr 20 2021 - 07:47:33 EST


Accept pss encoding for public_key_verify_signature. If
CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
fail to find a pss backend anyway.

Signed-off-by: Varad Gautam <varad.gautam@xxxxxxxx>
Acked-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
---
crypto/asymmetric_keys/public_key.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 788a4ba1e2e74..b9cc83ba7a127 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -69,19 +69,20 @@ int software_key_determine_akcipher(const char *encoding,
{
int n;

- if (strcmp(encoding, "pkcs1") == 0) {
+ if (strcmp(encoding, "pkcs1") == 0 || strcmp(encoding, "pss") == 0) {
/* The data wangled by the RSA algorithm is typically padded
* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
- * sec 8.2].
+ * sec 8.2] or EMSA-PSS [RFC8017 sec 9.1].
*/
if (!hash_algo)
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
- "pkcs1pad(%s)",
+ "%spad(%s)",
+ encoding,
pkey->pkey_algo);
else
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
- "pkcs1pad(%s,%s)",
- pkey->pkey_algo, hash_algo);
+ "%spad(%s,%s)",
+ encoding, pkey->pkey_algo, hash_algo);
return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
}

@@ -363,6 +364,13 @@ int public_key_verify_signature(const struct public_key *pkey,
goto error_free_key;
}

+ if (strcmp(sig->encoding, "pss") == 0) {
+ ret = crypto_akcipher_set_sig_params(tfm, sig, sizeof(*sig));
+ if (ret) {
+ goto error_free_key;
+ }
+ }
+
sg_init_table(src_sg, 2);
sg_set_buf(&src_sg[0], sig->s, sig->s_size);
sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
--
2.30.2