Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp3424809rdh; Thu, 28 Sep 2023 11:08:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHxMkMVkFj9uUVWy4hx1aqhh4yFdIFrP+xsUSGm+ExDEwHQ1rWwaMS7rqU8owdyekd7Ch4f X-Received: by 2002:a05:6a20:7349:b0:15f:16f5:858e with SMTP id v9-20020a056a20734900b0015f16f5858emr2069651pzc.58.1695924531274; Thu, 28 Sep 2023 11:08:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695924531; cv=none; d=google.com; s=arc-20160816; b=zLFQKSyQE57lRPU9MFMm5DtWyC1e+20ZjIyGQz64bkx8L/9B2myUcPimIAM8zQmsZq 8+VAXB/lr8aIO0ZPAw0Xh/t+GbivBIkAwlb17L59JAEIhwgBfvR0blVTnNYK3YkO2MFy 5o2W9xoKnOgiSN7jQRZprvGhTc6piP22i8yj0Oj5ke9JdotXWz7X+syv1cb5ZmwvqOQq xJxE2vGtYAxSj1m9ijJQSgMP9Zb4Ha7/mH3hv/NmpHoPQbFYCEJKHr25tb/32KZgodpe 0yUyONDdcpkgq9VrjAfLTCp/hdYseaDm6WkrFiPhg4QTRUExhUGUhUTYYzVAH9LNgp0d msjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:date:from:references:in-reply-to :message-id; bh=5d+vTcLS5P9p5YjM/3zeE4qF+dH/bg84VK/HWfSiM64=; fh=j94gzfSAT+8kF46ZvOkY3DNYs/HkghetT1vgREBUW1M=; b=GALLk8TcYVWt8d5B8Mb9NgxH+4TpGb2LNVj6/oqb7JvyKI7VIvoGim0Kci7opr1L82 Chlpr3Wrw8fsO3Ftfd/7FYkEzBE6UE+7whYPMiwQvu7xXWveqL4RgGOO5pudw9lSWTss 6GInk3aRxo/Bp7c6PV1a8SERT3DibsMLHq8FuEtKScOpoxApO5x26SwMvPPh8cFIffq/ b8uaO5c1B/F45w1gUplPEtVtHj3y656Q4XBSQE+576tLXDEN7FWVtYZZjlR0LWxnvlRF I6nBGTIYjiGlMTIhEeFaLzAnk+qR4LOEAaAWyoQUsf9E+rvxTrv0GaybYmMpsln+s4C7 AaSw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id i16-20020a17090acf9000b00274a22e6364si11402999pju.92.2023.09.28.11.08.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Sep 2023 11:08:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 7091F801D65E; Thu, 28 Sep 2023 10:57:01 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230246AbjI1R47 (ORCPT + 99 others); Thu, 28 Sep 2023 13:56:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42164 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229870AbjI1R47 (ORCPT ); Thu, 28 Sep 2023 13:56:59 -0400 Received: from mailout3.hostsharing.net (mailout3.hostsharing.net [IPv6:2a01:4f8:150:2161:1:b009:f236:0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E913519D; Thu, 28 Sep 2023 10:56:56 -0700 (PDT) Received: from h08.hostsharing.net (h08.hostsharing.net [IPv6:2a01:37:1000::53df:5f1c:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "*.hostsharing.net", Issuer "RapidSSL Global TLS RSA4096 SHA256 2022 CA1" (verified OK)) by mailout3.hostsharing.net (Postfix) with ESMTPS id B2E8710029AE0; Thu, 28 Sep 2023 19:56:54 +0200 (CEST) Received: from localhost (unknown [89.246.108.87]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by h08.hostsharing.net (Postfix) with ESMTPSA id 66DAD60D850C; Thu, 28 Sep 2023 19:56:54 +0200 (CEST) X-Mailbox-Line: From f4a63091203d09e275c3df983692b630ffca4bca Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: References: From: Lukas Wunner Date: Thu, 28 Sep 2023 19:32:35 +0200 Subject: [PATCH 05/12] crypto: akcipher - Support more than one signature encoding To: Bjorn Helgaas , David Howells , David Woodhouse , Herbert Xu , "David S. Miller" , Alex Williamson , , , , , , Cc: Jonathan Cameron , , David Box , Dan Williams , Dave Jiang , "Li, Ming" , Zhi Wang , Alistair Francis , Wilfred Mallawa , Alexey Kardashevskiy , Tom Lendacky , Sean Christopherson , Alexander Graf X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Thu, 28 Sep 2023 10:57:01 -0700 (PDT) Currently only a single default signature encoding is supported per akcipher. A subsequent commit will allow a second encoding for ecdsa, namely P1363 alternatively to X9.62. To accommodate for that, amend struct akcipher_request and struct crypto_akcipher_sync_data to store the desired signature encoding for verify and sign ops. Amend akcipher_request_set_crypt(), crypto_sig_verify() and crypto_sig_sign() with an additional parameter which specifies the desired signature encoding. Adjust all callers. Signed-off-by: Lukas Wunner --- crypto/akcipher.c | 2 +- crypto/asymmetric_keys/public_key.c | 4 ++-- crypto/internal.h | 1 + crypto/rsa-pkcs1pad.c | 11 +++++++---- crypto/sig.c | 6 ++++-- crypto/testmgr.c | 8 +++++--- crypto/testmgr.h | 1 + include/crypto/akcipher.h | 10 +++++++++- include/crypto/sig.h | 6 ++++-- 9 files changed, 34 insertions(+), 15 deletions(-) diff --git a/crypto/akcipher.c b/crypto/akcipher.c index 52813f0b19e4..88501c0886d2 100644 --- a/crypto/akcipher.c +++ b/crypto/akcipher.c @@ -221,7 +221,7 @@ int crypto_akcipher_sync_prep(struct crypto_akcipher_sync_data *data) sg = &data->sg; sg_init_one(sg, buf, mlen); akcipher_request_set_crypt(req, sg, data->dst ? sg : NULL, - data->slen, data->dlen); + data->slen, data->dlen, data->enc); crypto_init_wait(&data->cwait); akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index abeecb8329b3..7f96e8e501db 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -354,7 +354,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params, if (!issig) break; ret = crypto_sig_sign(sig, in, params->in_len, - out, params->out_len); + out, params->out_len, params->encoding); break; default: BUG(); @@ -438,7 +438,7 @@ int public_key_verify_signature(const struct public_key *pkey, goto error_free_key; ret = crypto_sig_verify(tfm, sig->s, sig->s_size, - sig->digest, sig->digest_size); + sig->digest, sig->digest_size, sig->encoding); error_free_key: kfree_sensitive(key); diff --git a/crypto/internal.h b/crypto/internal.h index 63e59240d5fb..268315b13ccd 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -41,6 +41,7 @@ struct crypto_akcipher_sync_data { void *dst; unsigned int slen; unsigned int dlen; + const char *enc; struct akcipher_request *req; struct crypto_wait cwait; diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index d2e5e104f8cf..5f9313a3b01e 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -262,7 +262,8 @@ static int pkcs1pad_encrypt(struct akcipher_request *req) /* Reuse output buffer */ akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg, - req->dst, ctx->key_size - 1, req->dst_len); + req->dst, ctx->key_size - 1, req->dst_len, + NULL); err = crypto_akcipher_encrypt(&req_ctx->child_req); if (err != -EINPROGRESS && err != -EBUSY) @@ -362,7 +363,7 @@ static int pkcs1pad_decrypt(struct akcipher_request *req) /* Reuse input buffer, output to a new buffer */ akcipher_request_set_crypt(&req_ctx->child_req, req->src, req_ctx->out_sg, req->src_len, - ctx->key_size); + ctx->key_size, NULL); err = crypto_akcipher_decrypt(&req_ctx->child_req); if (err != -EINPROGRESS && err != -EBUSY) @@ -419,7 +420,8 @@ static int pkcs1pad_sign(struct akcipher_request *req) /* Reuse output buffer */ akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg, - req->dst, ctx->key_size - 1, req->dst_len); + req->dst, ctx->key_size - 1, req->dst_len, + req->enc); err = crypto_akcipher_decrypt(&req_ctx->child_req); if (err != -EINPROGRESS && err != -EBUSY) @@ -551,7 +553,8 @@ static int pkcs1pad_verify(struct akcipher_request *req) /* Reuse input buffer, output to a new buffer */ akcipher_request_set_crypt(&req_ctx->child_req, req->src, - req_ctx->out_sg, sig_size, ctx->key_size); + req_ctx->out_sg, sig_size, ctx->key_size, + req->enc); err = crypto_akcipher_encrypt(&req_ctx->child_req); if (err != -EINPROGRESS && err != -EBUSY) diff --git a/crypto/sig.c b/crypto/sig.c index 224c47019297..4fc1a8f865e4 100644 --- a/crypto/sig.c +++ b/crypto/sig.c @@ -89,7 +89,7 @@ EXPORT_SYMBOL_GPL(crypto_sig_maxsize); int crypto_sig_sign(struct crypto_sig *tfm, const void *src, unsigned int slen, - void *dst, unsigned int dlen) + void *dst, unsigned int dlen, const char *enc) { struct crypto_akcipher **ctx = crypto_sig_ctx(tfm); struct crypto_akcipher_sync_data data = { @@ -98,6 +98,7 @@ int crypto_sig_sign(struct crypto_sig *tfm, .dst = dst, .slen = slen, .dlen = dlen, + .enc = enc, }; return crypto_akcipher_sync_prep(&data) ?: @@ -108,7 +109,7 @@ EXPORT_SYMBOL_GPL(crypto_sig_sign); int crypto_sig_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen) + const void *digest, unsigned int dlen, const char *enc) { struct crypto_akcipher **ctx = crypto_sig_ctx(tfm); struct crypto_akcipher_sync_data data = { @@ -116,6 +117,7 @@ int crypto_sig_verify(struct crypto_sig *tfm, .src = src, .slen = slen, .dlen = dlen, + .enc = enc, }; int err; diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 216878c8bc3d..d5dd715673dd 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4154,11 +4154,12 @@ static int test_akcipher_one(struct crypto_akcipher *tfm, goto free_all; memcpy(xbuf[1], c, c_size); sg_set_buf(&src_tab[2], xbuf[1], c_size); - akcipher_request_set_crypt(req, src_tab, NULL, m_size, c_size); + akcipher_request_set_crypt(req, src_tab, NULL, m_size, c_size, + vecs->enc); } else { sg_init_one(&dst, outbuf_enc, out_len_max); akcipher_request_set_crypt(req, src_tab, &dst, m_size, - out_len_max); + out_len_max, NULL); } akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, crypto_req_done, &wait); @@ -4217,7 +4218,8 @@ static int test_akcipher_one(struct crypto_akcipher *tfm, sg_init_one(&src, xbuf[0], c_size); sg_init_one(&dst, outbuf_dec, out_len_max); crypto_init_wait(&wait); - akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max); + akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max, + vecs->enc); err = crypto_wait_req(vecs->siggen_sigver_test ? /* Run asymmetric signature generation */ diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 5ca7a412508f..ad57e7af2e14 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -153,6 +153,7 @@ struct akcipher_testvec { const unsigned char *params; const unsigned char *m; const unsigned char *c; + const char *enc; unsigned int key_len; unsigned int param_len; unsigned int m_size; diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h index 670508f1dca1..00bbec69af3b 100644 --- a/include/crypto/akcipher.h +++ b/include/crypto/akcipher.h @@ -30,6 +30,8 @@ * In case of error where the dst sgl size was insufficient, * it will be updated to the size required for the operation. * For verify op this is size of digest part in @src. + * @enc: For verify op it's the encoding of the signature part of @src. + * For sign op it's the encoding of the signature in @dst. * @__ctx: Start of private context data */ struct akcipher_request { @@ -38,6 +40,7 @@ struct akcipher_request { struct scatterlist *dst; unsigned int src_len; unsigned int dst_len; + const char *enc; void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -272,17 +275,22 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req, * @src_len: size of the src input scatter list to be processed * @dst_len: size of the dst output scatter list or size of signature * portion in @src for verify op + * @enc: encoding of signature portion in @src for verify op, + * encoding of signature in @dst for sign op, + * NULL for encrypt and decrypt op */ static inline void akcipher_request_set_crypt(struct akcipher_request *req, struct scatterlist *src, struct scatterlist *dst, unsigned int src_len, - unsigned int dst_len) + unsigned int dst_len, + const char *enc) { req->src = src; req->dst = dst; req->src_len = src_len; req->dst_len = dst_len; + req->enc = enc; } /** diff --git a/include/crypto/sig.h b/include/crypto/sig.h index 641b4714c448..1df18005c854 100644 --- a/include/crypto/sig.h +++ b/include/crypto/sig.h @@ -81,12 +81,13 @@ int crypto_sig_maxsize(struct crypto_sig *tfm); * @slen: source length * @dst: destinatino obuffer * @dlen: destination length + * @enc: signature encoding * * Return: zero on success; error code in case of error */ int crypto_sig_sign(struct crypto_sig *tfm, const void *src, unsigned int slen, - void *dst, unsigned int dlen); + void *dst, unsigned int dlen, const char *enc); /** * crypto_sig_verify() - Invoke signature verification @@ -99,12 +100,13 @@ int crypto_sig_sign(struct crypto_sig *tfm, * @slen: source length * @digest: digest * @dlen: digest length + * @enc: signature encoding * * Return: zero on verification success; error code in case of error. */ int crypto_sig_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen); + const void *digest, unsigned int dlen, const char *enc); /** * crypto_sig_set_pubkey() - Invoke set public key operation -- 2.40.1