From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
To: herbert@gondor.apana.org.au
Cc: davem@davemloft.net, dhowells@redhat.com, jarkko@kernel.org,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, tianjia.zhang@linux.alibaba.com,
	varad.gautam@suse.com, vt@altlinux.org
Subject: Re: [PATCH v3 13/18] crypto: rsa-psspad: Get signature parameters from a given signature
Date: Wed, 20 Sep 2023 18:12:06 +0100
Message-ID: <20230920171206.504360-1-dimitri.ledkov@canonical.com>
In-Reply-To: <20210514104535.q4zjtshxroruvoz3@gondor.apana.org.au>

Herbert Xu <herbert@gondor.apana.org.au> writes:
> On Tue, Apr 20, 2021 at 01:41:18PM +0200, Varad Gautam wrote:
>>
>> +static int psspad_set_sig_params(struct crypto_akcipher *tfm,
>> +				 const void *sig,
>> +				 unsigned int siglen)
>> +{
>> +	struct akcipher_instance *inst = akcipher_alg_instance(tfm);
>> +	struct rsapad_inst_ctx *ictx = akcipher_instance_ctx(inst);
>> +	const struct public_key_signature *s = sig;
>> +
>> +	if (!sig)
>> +		return -EINVAL;
>> +
>> +	ictx->salt_len = s->salt_length;
>> +	ictx->mgf_hash_algo = s->mgf_hash_algo;
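Review bot: the per-signature parameters are stored in the instance context (`ictx` comes from `akcipher_instance_ctx(inst)`), which is shared by every tfm created from this instance, so two verifications running concurrently with different salt lengths or MGF hashes would overwrite each other's `ictx->salt_len` and `ictx->mgf_hash_algo`; per-signature state belongs in the tfm context (`akcipher_tfm_ctx(tfm)`) or in the request, not in the instance. `siglen` is accepted but never checked, so either compare it against `sizeof(*s)` before treating `sig` as a `struct public_key_signature`, or drop the parameter and document that `sig` is the parsed signature structure rather than raw signature bytes. `s->salt_length` is also copied without any check against the hash length and modulus size; an out-of-range value would only surface later in the verify path, so rejecting it here with -EINVAL keeps the failure close to its cause.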
>
> Is there any reason why this couldn't be embedded into the key
> instead?
>

Whilst it is correct that the same key can be used to verify either
type of signature, it is best practice to use separate and new keys
in such situations. This prevents compromising the key due to any
weaknesses in one or the other signature type.

Thus imho it does make sense to embed salt_len & hash_algo into the key
instead, and thus only allow PSS signature verification with such a
key. This is common for x509 certs too as used in TLS. (at least this
is my understanding of all of this).

But this is a minor point which can be fixed now or later.

BTW, this patch series overall looks very good to me and I want to use
PSS signatures in my kernel builds. What is the status of merging this
patch series?

Regards,

Dimitri.
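The message above argues for binding the PSS salt length and MGF1 hash to the verifying key rather than taking them from each signature. The following is an added example, not code from this thread, from the patch series, or from the kernel: a pure-Python toy RSASSA-PSS (RFC 8017 EMSA-PSS with MGF1) whose public key carries its own `hash_name`, `mgf_hash` and `salt_len`, with `verify()` rejecting any signature that claims different parameters before touching the RSA arithmetic, and `pss_verify_raw()` showing why a verifier must know the parameters at all (a mismatch fails the decoding). `PssPublicKey`, `generate_keypair`, `sign`, `verify` and `pss_verify_raw` are names chosen for this example; the key is freshly generated and the message is constructed. It is illustration only, with no constant-time arithmetic or blinding.

```python
import hashlib
import secrets
from typing import NamedTuple

HASHES = {"sha256": hashlib.sha256, "sha384": hashlib.sha384}


class PssPublicKey(NamedTuple):
    """RSA public key with its PSS parameters bound to it (assumed shape, not the kernel's)."""
    n: int
    e: int
    hash_name: str   # digest applied to the message
    mgf_hash: str    # digest used inside MGF1
    salt_len: int    # the only salt length accepted with this key


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; adequate for a demonstration key."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=1024, hash_name="sha256", mgf_hash="sha256", salt_len=32):
    """Fresh RSA key; the PSS parameters are fixed at generation time. Returns (pub, d)."""
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:  # e is prime, so this is the gcd check
            return PssPublicKey(p * q, 65537, hash_name, mgf_hash, salt_len), pow(65537, -1, phi)


def _mgf1(seed: bytes, mask_len: int, mgf_hash: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1): concatenated digests of seed || 4-byte counter."""
    h, out, counter = HASHES[mgf_hash], b"", 0
    while len(out) < mask_len:
        out += h(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def _pss_encode(m_hash: bytes, em_bits: int, salt: bytes, hash_name: str, mgf_hash: str) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1)."""
    h_len, em_len = HASHES[hash_name]().digest_size, (em_bits + 7) // 8
    if em_len < h_len + len(salt) + 2:
        raise ValueError("modulus too small for this hash/salt combination")
    h = HASHES[hash_name](b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - h_len - 2) + b"\x01" + salt
    masked = bytes(a ^ b for a, b in zip(db, _mgf1(h, len(db), mgf_hash)))
    first = masked[0] & (0xFF >> (8 * em_len - em_bits))  # clear leftmost bits so EM < n
    return bytes([first]) + masked[1:] + h + b"\xbc"


def _pss_verify(m_hash: bytes, em: bytes, em_bits: int, s_len: int, hash_name: str, mgf_hash: str) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2); salt length and MGF hash must match the signer's."""
    h_len, em_len = HASHES[hash_name]().digest_size, (em_bits + 7) // 8
    shift = 8 * em_len - em_bits
    if em_len < h_len + s_len + 2 or em[-1] != 0xBC or em[0] & ~(0xFF >> shift) & 0xFF:
        return False
    masked, h = em[: em_len - h_len - 1], em[em_len - h_len - 1 : -1]
    db = bytearray(a ^ b for a, b in zip(masked, _mgf1(h, len(masked), mgf_hash)))
    db[0] &= 0xFF >> shift
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:  # PS must be all zero, then the 0x01 separator
        return False
    salt = bytes(db[ps_len + 1 :])
    return secrets.compare_digest(HASHES[hash_name](b"\x00" * 8 + m_hash + salt).digest(), h)


def sign(pub: PssPublicKey, d: int, msg: bytes) -> bytes:
    """RSASSA-PSS-SIGN using the parameters bound to the key."""
    em_bits, k = pub.n.bit_length() - 1, (pub.n.bit_length() + 7) // 8
    em = _pss_encode(HASHES[pub.hash_name](msg).digest(), em_bits,
                     secrets.token_bytes(pub.salt_len), pub.hash_name, pub.mgf_hash)
    return pow(int.from_bytes(em, "big"), d, pub.n).to_bytes(k, "big")


def pss_verify_raw(pub: PssPublicKey, msg: bytes, sig: bytes, salt_len: int, mgf_hash: str) -> bool:
    """RSASSA-PSS-VERIFY with caller-supplied parameters and no key-bound policy."""
    em_bits, k = pub.n.bit_length() - 1, (pub.n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= pub.n:
        return False
    try:
        em = pow(s, pub.e, pub.n).to_bytes((em_bits + 7) // 8, "big")
    except OverflowError:  # EM longer than emLen: inconsistent
        return False
    return _pss_verify(HASHES[pub.hash_name](msg).digest(), em, em_bits, salt_len, pub.hash_name, mgf_hash)


def verify(pub: PssPublicKey, msg: bytes, sig: bytes, salt_len=None, mgf_hash=None) -> bool:
    """Key-bound verification: parameters arriving with the signature are accepted only
    if they equal the ones the key was generated for; otherwise reject before any RSA work."""
    claimed = (pub.salt_len if salt_len is None else salt_len,
               pub.mgf_hash if mgf_hash is None else mgf_hash)
    if claimed != (pub.salt_len, pub.mgf_hash):
        return False
    return pss_verify_raw(pub, msg, sig, *claimed)


def demo() -> dict:
    """Constructed message, fresh key; returns the outcome of each check."""
    pub, d = generate_keypair()
    msg = b"constructed sample message"  # constructed input
    sig = sign(pub, d, msg)
    return {
        "key_params": verify(pub, msg, sig),
        "claimed_salt_20": verify(pub, msg, sig, salt_len=20),
        "claimed_mgf_sha384": verify(pub, msg, sig, mgf_hash="sha384"),
        "raw_wrong_salt": pss_verify_raw(pub, msg, sig, 20, "sha256"),
        "raw_wrong_mgf": pss_verify_raw(pub, msg, sig, 32, "sha384"),
        "tampered_msg": verify(pub, msg + b"!", sig),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Only `key_params` is accepted. The two `claimed_*` cases are refused by the policy check alone, which is the behaviour the message asks for: a key carrying its PSS parameters never verifies a signature presented with other parameters. The two `raw_*` cases show that even without the policy the decoding fails when the verifier's salt length or MGF hash differs from the signer's, which is why the parameters have to come from somewhere trusted, and the key is the natural place.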


Thread overview: 23+ messages
2021-04-20 11:41 [PATCH v3 00/18] Implement RSASSA-PSS signature verification Varad Gautam
2021-04-20 11:41 ` [PATCH v3 01/18] X.509: Parse RSASSA-PSS style certificates Varad Gautam
2021-04-20 11:41 ` [PATCH v3 02/18] crypto: rsa-pkcs1pad: Rename pkcs1pad-specific functions to rsapad Varad Gautam
2021-04-20 11:41 ` [PATCH v3 03/18] crypto: rsa-pkcs1pad: Extract pkcs1pad_create into a generic helper Varad Gautam
2021-04-20 11:41 ` [PATCH v3 04/18] crypto: rsa-pkcs1pad: Pull out child req processing code into helpers Varad Gautam
2021-04-20 11:41 ` [PATCH v3 05/18] crypto: rsa-pkcs1pad: Rename pkcs1pad_* structs to rsapad_* Varad Gautam
2021-04-20 11:41 ` [PATCH v3 06/18] crypto: rsa: Start moving RSA common code to rsa-common Varad Gautam
2021-04-20 11:41 ` [PATCH v3 07/18] crypto: rsa: Move more " Varad Gautam
2021-04-20 11:41 ` [PATCH v3 08/18] crypto: rsa: Move rsapad_akcipher_setup_child and callback " Varad Gautam
2021-04-20 11:41 ` [PATCH v3 09/18] crypto: Extend akcipher API to pass signature parameters Varad Gautam
2021-04-20 11:41 ` [PATCH v3 10/18] crypto: rsa: Move struct rsa_mpi_key definition to rsa.h Varad Gautam
2021-04-20 11:41 ` [PATCH v3 11/18] crypto: Scaffolding for RSA-PSS signature style Varad Gautam
2021-04-20 11:41 ` [PATCH v3 12/18] crypto: rsa-psspad: Introduce shash alloc/dealloc helpers Varad Gautam
2021-04-20 11:41 ` [PATCH v3 13/18] crypto: rsa-psspad: Get signature parameters from a given signature Varad Gautam
2021-05-14 10:45   ` Herbert Xu
2021-07-05  9:39     ` Varad Gautam
2023-09-20 17:12     ` Dimitri John Ledkov [this message]
2021-04-20 11:41 ` [PATCH v3 14/18] crypto: Implement MGF1 Mask Generation Function for RSASSA-PSS Varad Gautam
2021-04-20 11:41 ` [PATCH v3 15/18] crypto: rsa-psspad: Provide PSS signature verify operation Varad Gautam
2021-04-20 11:41 ` [PATCH v3 16/18] crypto: rsa-psspad: Implement signature verify callback Varad Gautam
2021-04-20 11:41 ` [PATCH v3 17/18] crypto: Accept pss as valid encoding during signature verification Varad Gautam
2021-04-20 11:41 ` [PATCH v3 18/18] keyctl_pkey: Add pkey parameters saltlen and mgfhash for PSS Varad Gautam
2021-04-20 13:27   ` Ben Boeckel