From nobody Sun Feb 8 08:22:26 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE2434657EE for ; Tue, 20 Jan 2026 14:51:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768920715; cv=none; b=ckbw3K4929Mwj81m/gS1gjxDqQZ2Od4mvs3l1Hn8wOXIupK/5s/P8x5RhQPUE+jwdR1RB1ZeVVGAReXuD5yylEAU+3xduAtXB+620sjw+kFdVOsJvsE4W/ccAgWEyqpZQmCU7HOLbIF5QKyAF+ID+Ur8ffY4EJAikA0pz/e7cY8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768920715; c=relaxed/simple; bh=n1BDRy3Mvfe/G1vb8i8C8BKTdmhCmOstljaPklfb8zg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=EDNhO2FBFYmGllhGEY91rYWkgaOkC08dXn9HT5kDo4kTaQk3RZj4MF1pIKAl1FNVyOev61iu3gLYXtACCMYSZ/BQacSkZP6cdQUU2amPX3Xz39Tr5oelPtQ2+4qO72uP0d5ZgRUF4nLOX2d92ar7A69FH8Y60XP5NkGS5d7vYmg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=QmUrC/sv; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="QmUrC/sv" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1768920712; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XXT2OGyjfHPFHeZtvk+/jjDN9ReDwfhhRYI9tCo0qxI=; b=QmUrC/sv2jau8qoGLUuR+aNV//jYkpOF2qBfeUr0PKAXISBq8UkrvZkr2kow797c0voCFR SOz/z2+Ajdh+SF+PJf2doT1VvQAsS1hg7aJfck+SqlZoA6js3zumImRU6lA0VbyPQsrcx5 xTDpzWzuGURJ+Mo+inzG5XDHrQCLQxU= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-558-n35gbfTsPrOPoGkHPD_slg-1; Tue, 20 Jan 2026 09:51:46 -0500 X-MC-Unique: n35gbfTsPrOPoGkHPD_slg-1 X-Mimecast-MFC-AGG-ID: n35gbfTsPrOPoGkHPD_slg_1768920704 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 21EB91956053; Tue, 20 Jan 2026 14:51:44 +0000 (UTC) Received: from warthog.procyon.org.uk.com (unknown [10.42.28.2]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 1BD9519560A2; Tue, 20 Jan 2026 14:51:39 +0000 (UTC) From: David Howells To: Lukas Wunner , Ignat Korchagin Cc: David Howells , Jarkko Sakkinen , Herbert Xu , Eric Biggers , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , "Jason A . Donenfeld" , Ard Biesheuvel , Stephan Mueller , linux-crypto@vger.kernel.org, keyrings@vger.kernel.org, linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, "David S. Miller" Subject: [PATCH v13 06/12] crypto: Add supplementary info param to asymmetric key signature verification Date: Tue, 20 Jan 2026 14:50:52 +0000 Message-ID: <20260120145103.1176337-7-dhowells@redhat.com> In-Reply-To: <20260120145103.1176337-1-dhowells@redhat.com> References: <20260120145103.1176337-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Content-Type: text/plain; charset="utf-8" Add a supplementary information parameter to the asymmetric key signature verification API, in particular crypto_sig_verify() and sig_alg::verify. This takes the form of a printable string containing of key=3Dval elements. This is needed as some algorithms require additional metadata (e.g. RSASSA-PSS) and this extra metadata is included in the X.509 certificates and PKCS#7 messages. Furthermore, keyctl(KEYCTL_PKEY_VERIFY) already allows for this to be passed to the kernel, as do the _SIGN, _ENCRYPT and _DECRYPT keyctls. Signed-off-by: David Howells Reviewed-by: Ignat Korchagin cc: Herbert Xu cc: "David S. Miller" cc: Lukas Wunner cc: keyrings@vger.kernel.org cc: linux-crypto@vger.kernel.org --- crypto/asymmetric_keys/asymmetric_type.c | 1 + crypto/asymmetric_keys/public_key.c | 2 +- crypto/asymmetric_keys/signature.c | 1 + crypto/ecdsa-p1363.c | 5 +++-- crypto/ecdsa-x962.c | 5 +++-- crypto/ecdsa.c | 3 ++- crypto/ecrdsa.c | 3 ++- crypto/mldsa.c | 3 ++- crypto/rsassa-pkcs1.c | 3 ++- crypto/sig.c | 3 ++- crypto/testmgr.c | 2 +- crypto/testmgr.h | 1 + include/crypto/public_key.h | 1 + include/crypto/sig.h | 9 ++++++--- 14 files changed, 28 insertions(+), 14 deletions(-) diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_k= eys/asymmetric_type.c index 348966ea2175..dad4f0edfa25 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -596,6 +596,7 @@ static int asymmetric_key_verify_signature(struct kerne= l_pkey_params *params, .digest_size =3D params->in_len, .encoding =3D params->encoding, .hash_algo =3D params->hash_algo, + .info =3D params->info, .digest =3D (void *)in, .s =3D (void *)in2, }; diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/p= ublic_key.c index ed6b4b5ae4ef..61dc4f626620 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -433,7 +433,7 @@ int public_key_verify_signature(const struct public_key= *pkey, goto error_free_key; =20 ret =3D crypto_sig_verify(tfm, sig->s, sig->s_size, - sig->digest, sig->digest_size); + sig->digest, sig->digest_size, sig->info); =20 error_free_key: kfree_sensitive(key); diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/si= gnature.c index bea01cf27d0a..30ba50eb44af 100644 --- a/crypto/asymmetric_keys/signature.c +++ b/crypto/asymmetric_keys/signature.c @@ -30,6 +30,7 @@ void public_key_signature_free(struct public_key_signatur= e *sig) kfree(sig->s); if (sig->digest_free) kfree(sig->digest); + kfree(sig->info); kfree(sig); } } diff --git a/crypto/ecdsa-p1363.c b/crypto/ecdsa-p1363.c index e0c55c64711c..fa987dba1213 100644 --- a/crypto/ecdsa-p1363.c +++ b/crypto/ecdsa-p1363.c @@ -18,7 +18,8 @@ struct ecdsa_p1363_ctx { =20 static int ecdsa_p1363_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen) + const void *digest, unsigned int dlen, + const char *info) { struct ecdsa_p1363_ctx *ctx =3D crypto_sig_ctx(tfm); unsigned int keylen =3D DIV_ROUND_UP_POW2(crypto_sig_keysize(ctx->child), @@ -32,7 +33,7 @@ static int ecdsa_p1363_verify(struct crypto_sig *tfm, ecc_digits_from_bytes(src, keylen, sig.r, ndigits); ecc_digits_from_bytes(src + keylen, keylen, sig.s, ndigits); =20 - return crypto_sig_verify(ctx->child, &sig, sizeof(sig), digest, dlen); + return crypto_sig_verify(ctx->child, &sig, sizeof(sig), digest, dlen, inf= o); } =20 static unsigned int ecdsa_p1363_key_size(struct crypto_sig *tfm) diff --git a/crypto/ecdsa-x962.c b/crypto/ecdsa-x962.c index ee71594d10a0..5d7f1078989c 100644 --- a/crypto/ecdsa-x962.c +++ b/crypto/ecdsa-x962.c @@ -75,7 +75,8 @@ int ecdsa_get_signature_s(void *context, size_t hdrlen, u= nsigned char tag, =20 static int ecdsa_x962_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen) + const void *digest, unsigned int dlen, + const char *info) { struct ecdsa_x962_ctx *ctx =3D crypto_sig_ctx(tfm); struct ecdsa_x962_signature_ctx sig_ctx; @@ -89,7 +90,7 @@ static int ecdsa_x962_verify(struct crypto_sig *tfm, return err; =20 return crypto_sig_verify(ctx->child, &sig_ctx.sig, sizeof(sig_ctx.sig), - digest, dlen); + digest, dlen, info); } =20 static unsigned int ecdsa_x962_key_size(struct crypto_sig *tfm) diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index ce8e4364842f..144fd6b9168b 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -65,7 +65,8 @@ static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *= hash, const u64 *r, con */ static int ecdsa_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen) + const void *digest, unsigned int dlen, + const char *info) { struct ecc_ctx *ctx =3D crypto_sig_ctx(tfm); size_t bufsize =3D ctx->curve->g.ndigits * sizeof(u64); diff --git a/crypto/ecrdsa.c b/crypto/ecrdsa.c index 2c0602f0cd40..59f2d5bb3be4 100644 --- a/crypto/ecrdsa.c +++ b/crypto/ecrdsa.c @@ -69,7 +69,8 @@ static const struct ecc_curve *get_curve_by_oid(enum OID = oid) =20 static int ecrdsa_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen) + const void *digest, unsigned int dlen, + const char *info) { struct ecrdsa_ctx *ctx =3D crypto_sig_ctx(tfm); unsigned int ndigits =3D dlen / sizeof(u64); diff --git a/crypto/mldsa.c b/crypto/mldsa.c index 2146c774b5ca..ba071d030ab0 100644 --- a/crypto/mldsa.c +++ b/crypto/mldsa.c @@ -25,7 +25,8 @@ static int crypto_mldsa_sign(struct crypto_sig *tfm, =20 static int crypto_mldsa_verify(struct crypto_sig *tfm, const void *sig, unsigned int sig_len, - const void *msg, unsigned int msg_len) + const void *msg, unsigned int msg_len, + const char *info) { const struct crypto_mldsa_ctx *ctx =3D crypto_sig_ctx(tfm); =20 diff --git a/crypto/rsassa-pkcs1.c b/crypto/rsassa-pkcs1.c index 94fa5e9600e7..6283050e609a 100644 --- a/crypto/rsassa-pkcs1.c +++ b/crypto/rsassa-pkcs1.c @@ -215,7 +215,8 @@ static int rsassa_pkcs1_sign(struct crypto_sig *tfm, =20 static int rsassa_pkcs1_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen) + const void *digest, unsigned int dlen, + const char *info) { struct sig_instance *inst =3D sig_alg_instance(tfm); struct rsassa_pkcs1_inst_ctx *ictx =3D sig_instance_ctx(inst); diff --git a/crypto/sig.c b/crypto/sig.c index beba745b6405..c56fea3a53ae 100644 --- a/crypto/sig.c +++ b/crypto/sig.c @@ -92,7 +92,8 @@ static int sig_default_sign(struct crypto_sig *tfm, =20 static int sig_default_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *dst, unsigned int dlen) + const void *dst, unsigned int dlen, + const char *info) { return -ENOSYS; } diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 5df204d9c9dd..51f76b15f134 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -3969,7 +3969,7 @@ static int test_sig_one(struct crypto_sig *tfm, const= struct sig_testvec *vecs) * (which does not require a private key) */ err =3D crypto_sig_verify(tfm, vecs->c, vecs->c_size, - vecs->m, vecs->m_size); + vecs->m, vecs->m_size, vecs->verify_info); if (err) { pr_err("alg: sig: verify test failed: err %d\n", err); return err; diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 1a3329e1c325..305adad2f2d0 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -146,6 +146,7 @@ struct akcipher_testvec { =20 struct sig_testvec { const unsigned char *key; + const unsigned char *verify_info; const unsigned char *params; const unsigned char *m; const unsigned char *c; diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 68899a49cd0d..b6f2f2218aae 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -48,6 +48,7 @@ struct public_key_signature { u32 digest_size; /* Number of bytes in digest */ bool digest_free; /* T if digest needs freeing */ bool algo_does_hash; /* Public key algo does its own hashing */ + char *info; /* Supplementary parameters */ const char *pkey_algo; const char *hash_algo; const char *encoding; diff --git a/include/crypto/sig.h b/include/crypto/sig.h index fa6dafafab3f..885fa6487780 100644 --- a/include/crypto/sig.h +++ b/include/crypto/sig.h @@ -56,7 +56,8 @@ struct sig_alg { void *dst, unsigned int dlen); int (*verify)(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen); + const void *digest, unsigned int dlen, + const char *info); int (*set_pub_key)(struct crypto_sig *tfm, const void *key, unsigned int keylen); int (*set_priv_key)(struct crypto_sig *tfm, @@ -209,16 +210,18 @@ static inline int crypto_sig_sign(struct crypto_sig *= tfm, * @slen: source length * @digest: digest * @dlen: digest length + * @info: Additional parameters as a set of k=3Dv * * Return: zero on verification success; error code in case of error. */ static inline int crypto_sig_verify(struct crypto_sig *tfm, const void *src, unsigned int slen, - const void *digest, unsigned int dlen) + const void *digest, unsigned int dlen, + const char *info) { struct sig_alg *alg =3D crypto_sig_alg(tfm); =20 - return alg->verify(tfm, src, slen, digest, dlen); + return alg->verify(tfm, src, slen, digest, dlen, info); } =20 /**