[PATCH v11 5/8] crypto: Add supplementary info param to asymmetric key signature verification

David Howells Mon, 05 Jan 2026 07:41:47 -0800

Add a supplementary information parameter to the asymmetric key signature
verification API, in particular crypto_sig_verify() and sig_alg::verify.
This takes the form of a printable string containing of key=val elements.


This is needed as some algorithms require additional metadata
(e.g. RSASSA-PSS) and this extra metadata is included in the X.509
certificates and PKCS#7 messages.  Furthermore, keyctl(KEYCTL_PKEY_VERIFY)
already allows for this to be passed to the kernel, as do the _SIGN,
_ENCRYPT and _DECRYPT keyctls.

Signed-off-by: David Howells <[email protected]>
cc: Herbert Xu <[email protected]>
cc: "David S. Miller" <[email protected]>
cc: Lukas Wunner <[email protected]>
cc: Ignat Korchagin <[email protected]>
cc: [email protected]
cc: [email protected]
---
 crypto/asymmetric_keys/asymmetric_type.c | 1 +
 crypto/asymmetric_keys/public_key.c      | 2 +-
 crypto/asymmetric_keys/signature.c       | 1 +
 crypto/ecdsa-p1363.c                     | 5 +++--
 crypto/ecdsa-x962.c                      | 5 +++--
 crypto/ecdsa.c                           | 3 ++-
 crypto/ecrdsa.c                          | 3 ++-
 crypto/mldsa.c                           | 3 ++-
 crypto/rsassa-pkcs1.c                    | 3 ++-
 crypto/sig.c                             | 3 ++-
 include/crypto/public_key.h              | 1 +
 include/crypto/sig.h                     | 9 ++++++---
 12 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/crypto/asymmetric_keys/asymmetric_type.c 
b/crypto/asymmetric_keys/asymmetric_type.c
index 348966ea2175..dad4f0edfa25 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -596,6 +596,7 @@ static int asymmetric_key_verify_signature(struct 
kernel_pkey_params *params,
                .digest_size    = params->in_len,
                .encoding       = params->encoding,
                .hash_algo      = params->hash_algo,
+               .info           = params->info,
                .digest         = (void *)in,
                .s              = (void *)in2,
        };
diff --git a/crypto/asymmetric_keys/public_key.c 
b/crypto/asymmetric_keys/public_key.c
index ed6b4b5ae4ef..61dc4f626620 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -433,7 +433,7 @@ int public_key_verify_signature(const struct public_key 
*pkey,
                goto error_free_key;
 
        ret = crypto_sig_verify(tfm, sig->s, sig->s_size,
-                               sig->digest, sig->digest_size);
+                               sig->digest, sig->digest_size, sig->info);
 
 error_free_key:
        kfree_sensitive(key);
diff --git a/crypto/asymmetric_keys/signature.c 
b/crypto/asymmetric_keys/signature.c
index 041d04b5c953..26c0c0112ac4 100644
--- a/crypto/asymmetric_keys/signature.c
+++ b/crypto/asymmetric_keys/signature.c
@@ -29,6 +29,7 @@ void public_key_signature_free(struct public_key_signature 
*sig)
                        kfree(sig->auth_ids[i]);
                kfree(sig->s);
                kfree(sig->digest);
+               kfree(sig->info);
                kfree(sig);
        }
 }
diff --git a/crypto/ecdsa-p1363.c b/crypto/ecdsa-p1363.c
index e0c55c64711c..fa987dba1213 100644
--- a/crypto/ecdsa-p1363.c
+++ b/crypto/ecdsa-p1363.c
@@ -18,7 +18,8 @@ struct ecdsa_p1363_ctx {
 
 static int ecdsa_p1363_verify(struct crypto_sig *tfm,
                              const void *src, unsigned int slen,
-                             const void *digest, unsigned int dlen)
+                             const void *digest, unsigned int dlen,
+                             const char *info)
 {
        struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm);
        unsigned int keylen = DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child),
@@ -32,7 +33,7 @@ static int ecdsa_p1363_verify(struct crypto_sig *tfm,
        ecc_digits_from_bytes(src, keylen, sig.r, ndigits);
        ecc_digits_from_bytes(src + keylen, keylen, sig.s, ndigits);
 
-       return crypto_sig_verify(ctx->child, &sig, sizeof(sig), digest, dlen);
+       return crypto_sig_verify(ctx->child, &sig, sizeof(sig), digest, dlen, 
info);
 }
 
 static unsigned int ecdsa_p1363_key_size(struct crypto_sig *tfm)
diff --git a/crypto/ecdsa-x962.c b/crypto/ecdsa-x962.c
index ee71594d10a0..5d7f1078989c 100644
--- a/crypto/ecdsa-x962.c
+++ b/crypto/ecdsa-x962.c
@@ -75,7 +75,8 @@ int ecdsa_get_signature_s(void *context, size_t hdrlen, 
unsigned char tag,
 
 static int ecdsa_x962_verify(struct crypto_sig *tfm,
                             const void *src, unsigned int slen,
-                            const void *digest, unsigned int dlen)
+                            const void *digest, unsigned int dlen,
+                            const char *info)
 {
        struct ecdsa_x962_ctx *ctx = crypto_sig_ctx(tfm);
        struct ecdsa_x962_signature_ctx sig_ctx;
@@ -89,7 +90,7 @@ static int ecdsa_x962_verify(struct crypto_sig *tfm,
                return err;
 
        return crypto_sig_verify(ctx->child, &sig_ctx.sig, sizeof(sig_ctx.sig),
-                                digest, dlen);
+                                digest, dlen, info);
 }
 
 static unsigned int ecdsa_x962_key_size(struct crypto_sig *tfm)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index ce8e4364842f..144fd6b9168b 100644
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -65,7 +65,8 @@ static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 
*hash, const u64 *r, con
  */
 static int ecdsa_verify(struct crypto_sig *tfm,
                        const void *src, unsigned int slen,
-                       const void *digest, unsigned int dlen)
+                       const void *digest, unsigned int dlen,
+                       const char *info)
 {
        struct ecc_ctx *ctx = crypto_sig_ctx(tfm);
        size_t bufsize = ctx->curve->g.ndigits * sizeof(u64);
diff --git a/crypto/ecrdsa.c b/crypto/ecrdsa.c
index 2c0602f0cd40..59f2d5bb3be4 100644
--- a/crypto/ecrdsa.c
+++ b/crypto/ecrdsa.c
@@ -69,7 +69,8 @@ static const struct ecc_curve *get_curve_by_oid(enum OID oid)
 
 static int ecrdsa_verify(struct crypto_sig *tfm,
                         const void *src, unsigned int slen,
-                        const void *digest, unsigned int dlen)
+                        const void *digest, unsigned int dlen,
+                        const char *info)
 {
        struct ecrdsa_ctx *ctx = crypto_sig_ctx(tfm);
        unsigned int ndigits = dlen / sizeof(u64);
diff --git a/crypto/mldsa.c b/crypto/mldsa.c
index 2146c774b5ca..ba071d030ab0 100644
--- a/crypto/mldsa.c
+++ b/crypto/mldsa.c
@@ -25,7 +25,8 @@ static int crypto_mldsa_sign(struct crypto_sig *tfm,
 
 static int crypto_mldsa_verify(struct crypto_sig *tfm,
                               const void *sig, unsigned int sig_len,
-                              const void *msg, unsigned int msg_len)
+                              const void *msg, unsigned int msg_len,
+                              const char *info)
 {
        const struct crypto_mldsa_ctx *ctx = crypto_sig_ctx(tfm);
 
diff --git a/crypto/rsassa-pkcs1.c b/crypto/rsassa-pkcs1.c
index 94fa5e9600e7..6283050e609a 100644
--- a/crypto/rsassa-pkcs1.c
+++ b/crypto/rsassa-pkcs1.c
@@ -215,7 +215,8 @@ static int rsassa_pkcs1_sign(struct crypto_sig *tfm,
 
 static int rsassa_pkcs1_verify(struct crypto_sig *tfm,
                               const void *src, unsigned int slen,
-                              const void *digest, unsigned int dlen)
+                              const void *digest, unsigned int dlen,
+                              const char *info)
 {
        struct sig_instance *inst = sig_alg_instance(tfm);
        struct rsassa_pkcs1_inst_ctx *ictx = sig_instance_ctx(inst);
diff --git a/crypto/sig.c b/crypto/sig.c
index beba745b6405..c56fea3a53ae 100644
--- a/crypto/sig.c
+++ b/crypto/sig.c
@@ -92,7 +92,8 @@ static int sig_default_sign(struct crypto_sig *tfm,
 
 static int sig_default_verify(struct crypto_sig *tfm,
                              const void *src, unsigned int slen,
-                             const void *dst, unsigned int dlen)
+                             const void *dst, unsigned int dlen,
+                             const char *info)
 {
        return -ENOSYS;
 }
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index e4ec8003a3a4..1e9a1e4e9916 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -47,6 +47,7 @@ struct public_key_signature {
        u32 s_size;             /* Number of bytes in signature */
        u32 digest_size;        /* Number of bytes in digest */
        bool algo_does_hash;    /* Public key algo does its own hashing */
+       char *info;             /* Supplementary parameters */
        const char *pkey_algo;
        const char *hash_algo;
        const char *encoding;
diff --git a/include/crypto/sig.h b/include/crypto/sig.h
index fa6dafafab3f..885fa6487780 100644
--- a/include/crypto/sig.h
+++ b/include/crypto/sig.h
@@ -56,7 +56,8 @@ struct sig_alg {
                    void *dst, unsigned int dlen);
        int (*verify)(struct crypto_sig *tfm,
                      const void *src, unsigned int slen,
-                     const void *digest, unsigned int dlen);
+                     const void *digest, unsigned int dlen,
+                     const char *info);
        int (*set_pub_key)(struct crypto_sig *tfm,
                           const void *key, unsigned int keylen);
        int (*set_priv_key)(struct crypto_sig *tfm,
@@ -209,16 +210,18 @@ static inline int crypto_sig_sign(struct crypto_sig *tfm,
  * @slen:      source length
  * @digest:    digest
  * @dlen:      digest length
+ * @info:      Additional parameters as a set of k=v
  *
  * Return: zero on verification success; error code in case of error.
  */
 static inline int crypto_sig_verify(struct crypto_sig *tfm,
                                    const void *src, unsigned int slen,
-                                   const void *digest, unsigned int dlen)
+                                   const void *digest, unsigned int dlen,
+                                   const char *info)
 {
        struct sig_alg *alg = crypto_sig_alg(tfm);
 
-       return alg->verify(tfm, src, slen, digest, dlen);
+       return alg->verify(tfm, src, slen, digest, dlen, info);
 }
 
 /**

[PATCH v11 5/8] crypto: Add supplementary info param to asymmetric key signature verification

Reply via email to