On Tue, Mar 30, 2021 at 10:28:28PM +0200, Varad Gautam wrote:
> Accept pss encoding for public_key_verify_signature. If
> CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
> fail to find a pss backend anyway.
> 
> Signed-off-by: Varad Gautam <varad.gau...@suse.com>
> ---

Acked-by: Jarkko Sakkinen <jar...@kernel.org>

/Jarkko

>  crypto/asymmetric_keys/public_key.c | 18 +++++++++++++-----
>  1 file changed, 13 insertions(+), 5 deletions(-)
> 
> diff --git a/crypto/asymmetric_keys/public_key.c 
> b/crypto/asymmetric_keys/public_key.c
> index 788a4ba1e2e7..b9cc83ba7a12 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -69,19 +69,20 @@ int software_key_determine_akcipher(const char *encoding,
>  {
>       int n;
>  
> -     if (strcmp(encoding, "pkcs1") == 0) {
> +     if (strcmp(encoding, "pkcs1") == 0 || strcmp(encoding, "pss") == 0) {
>               /* The data wangled by the RSA algorithm is typically padded
>                * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
> -              * sec 8.2].
> +              * sec 8.2] or EMSA-PSS [RFC8017 sec 9.1].
>                */
>               if (!hash_algo)
>                       n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> -                                  "pkcs1pad(%s)",
> +                                  "%spad(%s)",
> +                                  encoding,
>                                    pkey->pkey_algo);
>               else
>                       n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> -                                  "pkcs1pad(%s,%s)",
> -                                  pkey->pkey_algo, hash_algo);
> +                                  "%spad(%s,%s)",
> +                                  encoding, pkey->pkey_algo, hash_algo);
>               return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
>       }
>  
> @@ -363,6 +364,13 @@ int public_key_verify_signature(const struct public_key 
> *pkey,
>                       goto error_free_key;
>       }
>  
> +     if (strcmp(sig->encoding, "pss") == 0) {
> +             ret = crypto_akcipher_set_sig_params(tfm, sig, sizeof(*sig));
> +             if (ret) {
> +                     goto error_free_key;
> +             }
> +     }
> +
>       sg_init_table(src_sg, 2);
>       sg_set_buf(&src_sg[0], sig->s, sig->s_size);
>       sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
> -- 
> 2.30.2
> 
> 

Reply via email to