keyctl pkey_* operations accept enc and hash parameters at present. RSASSA-PSS signatures also require passing in the signature salt length.
Add another parameter 'slen' to feed in salt length of a PSS signature. Signed-off-by: Varad Gautam <varad.gau...@suse.com> --- crypto/asymmetric_keys/asymmetric_type.c | 1 + include/linux/keyctl.h | 1 + security/keys/keyctl_pkey.c | 6 ++++++ 3 files changed, 8 insertions(+) diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index ad8af3d70ac0..eb2ef4a07f8e 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -571,6 +571,7 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params, .hash_algo = params->hash_algo, .digest = (void *)in, .s = (void *)in2, + .salt_length = params->slen, }; return verify_signature(params->key, &sig); diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h index 5b79847207ef..970c7bed3082 100644 --- a/include/linux/keyctl.h +++ b/include/linux/keyctl.h @@ -37,6 +37,7 @@ struct kernel_pkey_params { __u32 in2_len; /* 2nd input data size (verify) */ }; enum kernel_pkey_operation op : 8; + __u32 slen; }; #endif /* __LINUX_KEYCTL_H */ diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 5de0d599a274..b54a021e16b1 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -24,11 +24,13 @@ enum { Opt_err, Opt_enc, /* "enc=<encoding>" eg. "enc=oaep" */ Opt_hash, /* "hash=<digest-name>" eg. "hash=sha1" */ + Opt_slen, /* "slen=<salt-length>" eg. "slen=32" */ }; static const match_table_t param_keys = { { Opt_enc, "enc=%s" }, { Opt_hash, "hash=%s" }, + { Opt_slen, "slen=%u" }, { Opt_err, NULL } }; @@ -63,6 +65,10 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params) params->hash_algo = q; break; + case Opt_slen: + if (kstrtouint(q, 0, ¶ms->slen)) + return -EINVAL; + break; default: return -EINVAL; } -- 2.30.2