Re: [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS

From: Ben Boeckel
Date: Tue Apr 20 2021 - 09:27:14 EST


On Tue, Apr 20, 2021 at 13:41:23 +0200, Varad Gautam wrote:
> keyctl pkey_* operations accept enc and hash parameters at present.
> RSASSA-PSS signatures also require passing in the signature salt
> length and the mgf hash function.
>
> Add parameters:
> - 'saltlen' to feed in salt length of a PSS signature.
> - 'mgfhash' to feed in the hash function used for MGF.
>
> Signed-off-by: Varad Gautam <varad.gautam@xxxxxxxx>
> CC: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> CC: Ben Boeckel <me@xxxxxxxxxxxxxx>
> ---
> v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.
>
> Documentation/security/keys/core.rst | 14 +++++++++++++-
> crypto/asymmetric_keys/asymmetric_type.c | 2 ++
> include/linux/keyctl.h | 2 ++
> security/keys/keyctl_pkey.c | 13 +++++++++++++
> 4 files changed, 30 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
> index b3ed5c581034c..4bd774c56899e 100644
> --- a/Documentation/security/keys/core.rst
> +++ b/Documentation/security/keys/core.rst
> @@ -1022,6 +1022,15 @@ The keyctl syscall functions are:
> which hash function was used, the hash function can be
> specified with this, eg. "hash=sha256".
>
> + ``mgfhash=<algo>`` In case of "RSASSA-PSS" ("enc=pss"), this specifies
> + the hash function used with the Mask Generation Function
> + to generate a signature, eg. "mgfhash=sha256". Supported
> + hashes are: sha1, sha224, sha256, sha384, and sha512.
> +
> + ``saltlen=<salt_length>`` In case of "RSASSA-PSS" ("enc=pss"), this
> + specifies the salt length as a u16, used to generate a
^

This feels like it is missing a comma at the designated location (after
`length` if the whitespace gets mangled).

> + signature. Eg. "saltlen=32".
> +
> The ``__spare[]`` space in the parameter block must be set to 0. This is
> intended, amongst other things, to allow the passing of passphrases
> required to unlock a key.
> @@ -1700,6 +1709,8 @@ The structure has a number of fields, some of which are mandatory:
> __u32 in2_len;
> };
> enum kernel_pkey_operation op : 8;
> + __u16 salt_len;
> + const char *mgf_hash_algo;
> };
>
> This includes the key to be used; a string indicating the encoding to use
> @@ -1707,7 +1718,8 @@ The structure has a number of fields, some of which are mandatory:
> RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding or "raw" if no encoding);
> the name of the hash algorithm used to generate the data for a signature
> (if appropriate); the sizes of the input and output (or second input)
> - buffers; and the ID of the operation to be performed.
> + buffers; the ID of the operation to be performed; salt length to be used
> + in case of RSASSA-PSS; and hash algorithm used with MGF for RSASSA-PSS.
>
> For a given operation ID, the input and output buffers are used as
> follows::

Thanks for the docs, they look good to me overall. Other than the comma:

Acked-by: Ben Boeckel <mathstuf@xxxxxxxxx>

--Ben