From nobody Sun Jun 14 20:11:20 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A07F63845BA; Sun, 5 Apr 2026 23:12:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775430772; cv=none; b=SRkWHWmJwMaB6EBpSXly8DAG1BppsMmG7Mp3Jjaw+zcZU9J2QwlhTEJM9KI9+0Tcc87mTpND3dLkiEjhI0rClL40jy6EPqXeU3bZEHn3W9WJBSaVrRVI39wRLXaOezWQMywZhMxg61C7v4nXGYdNuydp+jO9hc0jJghls1ZJiOw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775430772; c=relaxed/simple; bh=RKscOPFvYdq0dd98pq3pzwNgVvMIRTQZM+3SnWFroVk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cIDNGs3QqKTSVX/OFCjyYKBWYkMa8jHoPlnjTODbneAYL+RTW++s61HrlxUKxiPp2e5zENJkRLr/TYWHn2KWDNhKqRMn/iM6Km1NFiNw5WA1tbT+TbkWVCCOG5j1iXzwQT4gdB4tNAJM1YDatEEoYGjAMwMwlAcOVBbjzTQLtgc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=Qn7JKr4T; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="Qn7JKr4T" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 635K04So3444047; Sun, 5 Apr 2026 23:12:35 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=YC0+m+DhEARNhrzYM b8TiEdynyxP4Br8iE3bDr8XovE=; b=Qn7JKr4THG+kS6BY0aMMtUMBXT6eYpYX9 55pA0Cr6sElQlUhAAtrTwBRWnKQk/gFA5yziYggj3e4FgI8wHOKLjSMoxfVEx4rg npXWSamHb4gWUjZWql2WycrJXjhbQeN45tk3OpPhKPk7lf2bwA8NYU3KdaP9iAl4 33v8lVpmr5yf5uWRrIF3lT+uZC94uVIZbfel/lmqWE8M0BK4jWAx+wbetJDg2ZST cHWEKAWy0Y/ilvpbxZvW2g3UJ4/TKQnLMIslEJ78sPKTEGC5th1f0q3sre9GXvfx IknkilwXVgL+9l4z6eyjlJXEfWRAjipxWMd25AyhtpJWqLEczlTzw== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4dat9rc64b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 05 Apr 2026 23:12:35 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 635MsDcI020298; Sun, 5 Apr 2026 23:12:35 GMT Received: from smtprelay07.dal12v.mail.ibm.com ([172.16.1.9]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4dbdynanxd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 05 Apr 2026 23:12:35 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 635NCXRS24904230 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 5 Apr 2026 23:12:33 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 615D15805B; Sun, 5 Apr 2026 23:12:33 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4BE6858059; Sun, 5 Apr 2026 23:12:32 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Sun, 5 Apr 2026 23:12:32 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org, zohar@linux.ibm.com, roberto.sassu@huawei.com, ebiggers@kernel.org, Stefan Berger , David Howells , Lukas Wunner , Ignat Korchagin , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH 1/3] crypto: public_key: Remove check for valid hash_algo for ML-DSA keys Date: Sun, 5 Apr 2026 19:12:22 -0400 Message-ID: <20260405231224.4008298-2-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260405231224.4008298-1-stefanb@linux.ibm.com> References: <20260405231224.4008298-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: E2_gpMsXKyTCKxIyhMMyi9dQ7_Ljeu70 X-Proofpoint-ORIG-GUID: E2_gpMsXKyTCKxIyhMMyi9dQ7_Ljeu70 X-Authority-Analysis: v=2.4 cv=bLYb4f+Z c=1 sm=1 tr=0 ts=69d2ec63 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=20KFwNOVAAAA:8 a=VwQbUJbxAAAA:8 a=VnNF1IyMAAAA:8 a=ZmJwLY9U1ndrk4b8UDEA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDA1MDIzNyBTYWx0ZWRfX8M6uFqyctA6d W8Ps4YI/PoLhVbuEhrcEZwVKkL/n5DbGkg2QemXdx7ZAxWrIIQlL7VLnsF3MEbjM0rKU5/97LYW n5X/1zD21efxESlHEyUu78vrOSsSsEB/+JIunvB0shbqbcnj0J5LZTCPVUo/E2i7qrVv+ZI/NsS Xk3gepLpDmTIPK5DRu37R6+kahvU64Jy32GQkHxDj80iSnQhJg8AGGq8OArE+9pLb2Qxb8Eceih DEeY4H1WDUL7rsPzzmxCkZZjfb/EmdIGBG8fz2umew0VaptwIPvhW3Gs/JwwZ/hY/V11F6ufvjY PzoQB0Zpr44OIb+0hn4MYLoWcN8uffrVPjlw3HJ/nvBelOCC9TWLKNzETc63ngx9e8LsfJPNKnY 25gEOy3Pyy7SQeBFW+6pau4si0cKb3JwtJvAkDxYyeiOXxrh6J7XY6dRiqPgFL5/AIDVIfMGkXK q+nNnXAu80/ozCa01JQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-05_07,2026-04-03_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1011 adultscore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 priorityscore=1501 lowpriorityscore=0 malwarescore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604050237 Content-Type: text/plain; charset="utf-8" Remove the check for the hash_algo since ML-DSA is only used in pure mode and there is no relevance of a hash_algo for the input data. Cc: David Howells Cc: Lukas Wunner Cc: Ignat Korchagin Cc: keyrings@vger.kernel.org Cc: linux-crypto@vger.kernel.org Signed-off-by: Stefan Berger --- crypto/asymmetric_keys/public_key.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/p= ublic_key.c index 09a0b83d5d77..df6918a77ab8 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -147,11 +147,6 @@ software_key_determine_akcipher(const struct public_ke= y *pkey, strcmp(pkey->pkey_algo, "mldsa87") =3D=3D 0) { if (strcmp(encoding, "raw") !=3D 0) return -EINVAL; - if (!hash_algo) - return -EINVAL; - if (strcmp(hash_algo, "none") !=3D 0 && - strcmp(hash_algo, "sha512") !=3D 0) - return -EINVAL; } else { /* Unknown public key algorithm */ return -ENOPKG; --=20 2.53.0 From nobody Sun Jun 14 20:11:20 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A67CF2EF67A; Sun, 5 Apr 2026 23:12:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775430771; cv=none; b=FcyHh1799/9w6xXZH8aohTKST3VSh4Ynr5PDyRcmjefP9N9DPceKGIjePGCo1tJmjJ/LZL3GuDir7Hpl57offkqDGlfAnkkbcgiQohf8IQGDhS8M4UJCAixADJMKUOKLroQpD6IrplzXFFT8LxYRnYEpkpPFP6kGkQ4mHhQ2q+s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775430771; c=relaxed/simple; bh=VffJ3U4k2l7pQdgyy08SxjbO5rRNGagE1DF2g+EXWvQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WEzZ5eEPrmNNKOThVLcdeJfl2f+CVIRfPxMJaAerfKNKfYPoXXYSwUkibx+tBL4DB0ro3NVrE+j0ClWfamgg04mSK1HIEf3Euien+pg4Rw2U+TopasfJx8GS6gckUcka6eHF94Y+Truel8l8qtIFLSdZg/XXwoJyj3BLEFKmf7s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=njei4LkJ; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="njei4LkJ" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 635MrTg63686441; Sun, 5 Apr 2026 23:12:36 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=ljsXZyjvZBW0dqpuj VQ2iby7FO11MxaPslmIMj/tcCw=; b=njei4LkJJhqL5AHRfZbpWMDCO3FYjLDdw MgIpkdIJteoHCQhdTHmg0LxQaySpRvu7FnuhDVp9N4d/N+8EJMWsnvvS4t5xY44R L20t4veMXU0Ltv9gvnqBStTajKHxlgQxdVGd8FxIdGTWyzYZcGgVphn5plxBy1wG KbHp8cICQoumpfp4+F0l5doTBZdnYyifc+lEL8FqDpSL7/Metu7HlKH4SM0o7Z+T eiv8Fki0y0sqk0c8yAW6QuKwPT+9dIkg7HS/LaYVJ2PNEydoVMgDNnxHdus5AWGa hQEBNwVzLOz5FcneuSYRHmwFIBtwA7IBtv/UthWGWxGP+HPzCDoBw== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4das2bv9ru-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 05 Apr 2026 23:12:36 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 635MFMgD021114; Sun, 5 Apr 2026 23:12:35 GMT Received: from smtprelay01.wdc07v.mail.ibm.com ([172.16.1.68]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4dbdbyarh0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 05 Apr 2026 23:12:35 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay01.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 635NCYCp53281132 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 5 Apr 2026 23:12:34 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 39D925805B; Sun, 5 Apr 2026 23:12:34 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 85DF958059; Sun, 5 Apr 2026 23:12:33 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Sun, 5 Apr 2026 23:12:33 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org, zohar@linux.ibm.com, roberto.sassu@huawei.com, ebiggers@kernel.org, Stefan Berger Subject: [PATCH 2/3] integrity: Refactor asymmetric_verify for reusability Date: Sun, 5 Apr 2026 19:12:23 -0400 Message-ID: <20260405231224.4008298-3-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260405231224.4008298-1-stefanb@linux.ibm.com> References: <20260405231224.4008298-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ubKsXJGNsCiycAayMo8eoB6PBLeKKeWH X-Proofpoint-GUID: ubKsXJGNsCiycAayMo8eoB6PBLeKKeWH X-Authority-Analysis: v=2.4 cv=U9qfzOru c=1 sm=1 tr=0 ts=69d2ec64 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=Tf38nk726vcbPy_It_cA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDA1MDIzNyBTYWx0ZWRfX6w6F6LqURbt0 mpKmalHtbe8QyVIiXYk17iRGUgUXOT0jTcmsQ70JRbEV1r54y+bNFSAgUel8yD1gMopldGiBpJu l0jpIfjrG2T7AHsj+8rhXaGPFuqu4DAr+doo+sf/l/a5tek9dJtf9nRzm2Ic5jvLOpx/B82dedK 58ubH5KlEzX0EeZQID5yjw6wSUa9auRJbiVqyiTjWV/PIGWiv/WGcrxPxpoLmnJo6T4dDcu7WR0 dgcpi47OiLediq/uxZKTHj822Ep/f/ViYrwo68a490AZ4hf6zhioQ0lX49J6t03vhW69VGSuQWQ Xj7ihPXOCa3q58KwG8Zoy4Jus1MxSW2lFlGzBqaTBJ9smC41M9YTRlaLNAHcHv28T/rxt1e0zgY GDSrGUqloLLN+aNrEc9RWcnO0qV1ajRaI1ShoB7bc1e/Se66AqTRYuoTJsx0M5mUpF2ZClJ+EQG C5HRZpLZIaf304W/gUw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-05_07,2026-04-03_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 malwarescore=0 clxscore=1015 adultscore=0 suspectscore=0 spamscore=0 priorityscore=1501 impostorscore=0 lowpriorityscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604050237 Content-Type: text/plain; charset="utf-8" Refactor asymmetric_verify for reusability. Have it call asymmetric_verify_common with the signature verification key and the public_key structure as parameters. sigv3 support for ML-DSA will need to check the public key type first to decide how to do the signature verification and therefore will have these parameters available for calling asymmetric_verify_common. Signed-off-by: Stefan Berger --- security/integrity/digsig_asymmetric.c | 42 +++++++++++++++++--------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/di= gsig_asymmetric.c index 6e68ec3becbd..e29ed73f15cd 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -79,18 +79,15 @@ static struct key *request_asymmetric_key(struct key *k= eyring, uint32_t keyid) return key; } =20 -int asymmetric_verify(struct key *keyring, const char *sig, - int siglen, const char *data, int datalen) +static int asymmetric_verify_common(const struct key *key, + const struct public_key *pk, + const char *sig, int siglen, + const char *data, int datalen) { - struct public_key_signature pks; struct signature_v2_hdr *hdr =3D (struct signature_v2_hdr *)sig; - const struct public_key *pk; - struct key *key; + struct public_key_signature pks; int ret; =20 - if (siglen <=3D sizeof(*hdr)) - return -EBADMSG; - siglen -=3D sizeof(*hdr); =20 if (siglen !=3D be16_to_cpu(hdr->sig_size)) @@ -99,15 +96,10 @@ int asymmetric_verify(struct key *keyring, const char *= sig, if (hdr->hash_algo >=3D HASH_ALGO__LAST) return -ENOPKG; =20 - key =3D request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); - if (IS_ERR(key)) - return PTR_ERR(key); - memset(&pks, 0, sizeof(pks)); =20 pks.hash_algo =3D hash_algo_name[hdr->hash_algo]; =20 - pk =3D asymmetric_key_public_key(key); pks.pkey_algo =3D pk->pkey_algo; if (!strcmp(pk->pkey_algo, "rsa")) { pks.encoding =3D "pkcs1"; @@ -127,11 +119,33 @@ int asymmetric_verify(struct key *keyring, const char= *sig, pks.s_size =3D siglen; ret =3D verify_signature(key, &pks); out: - key_put(key); pr_debug("%s() =3D %d\n", __func__, ret); return ret; } =20 +int asymmetric_verify(struct key *keyring, const char *sig, + int siglen, const char *data, int datalen) +{ + struct signature_v2_hdr *hdr =3D (struct signature_v2_hdr *)sig; + const struct public_key *pk; + struct key *key; + int ret; + + if (siglen <=3D sizeof(*hdr)) + return -EBADMSG; + + key =3D request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); + if (IS_ERR(key)) + return PTR_ERR(key); + pk =3D asymmetric_key_public_key(key); + + ret =3D asymmetric_verify_common(key, pk, sig, siglen, data, datalen); + + key_put(key); + + return ret; +} + /* * calc_file_id_hash - calculate the hash of the ima_file_id struct data * @type: xattr type [enum evm_ima_xattr_type] --=20 2.53.0 From nobody Sun Jun 14 20:11:20 2026 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A087C3845BC; Sun, 5 Apr 2026 23:12:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775430772; cv=none; b=pm0jDpPBfW6bLTusecTYvyEW4O2BXKvsfVN4698bZAaMvw/p50nIqQVLsOXPcXI9Ye3M/YOsEb5gsw2Qp2JKB6EBgYcqB2OOnnO+iJFOPko+ij9/cbcWV8Txb9HBVid3XbsBCBGbEZYXfXACXC9b4QQmk1z5ievLr9TGDAg3nAQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775430772; c=relaxed/simple; bh=dn53yqD4Wjmd6Y+hzxn3Ebd4wRsg5tAZZnZygTLFDzA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lTN0yhr1wfa7WzjDQX2Ul0JVidd4V5Nq6ZCytViXq5WDj86VZ67T0YbS/a6SPIxfD0xPTeSDzOjzWUlRS2u41QPaS5m10A8H3JMXMyifAvOThjIrPWhxbljJnGl2C+0gqqwrYtAtWtuX7bRgjmyjU/5a4OsuVkTrwpymfiffZIs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=j9/sZUyT; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="j9/sZUyT" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 635MtUGd3691761; Sun, 5 Apr 2026 23:12:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=ds8sox4K1GduJHJ76 em70Ce1TsAyhn2hJfA0Nmii33Y=; b=j9/sZUyTpzgb7LI2lsnJ2tRF2WYqetzcz eqtTcD4hfJqn6dF1KJxPY0BJuHfVHOEScdqmyYakRpTA1oVcDDGnrD3P5C8u12vl EngesoReGeGRoQdjr02vuCwRNUN1ozKCiy5d7RPBvKNXkOSvfv9YvXIH5C5fbLiH C2/Hp3n5quFqOLXOXTuw70ZHqhFORoy9L5vDwfLF0EG2UdslBr6yzyEx2bA0M4/l GxxZILWm9s4wdvxZbsW9Av07WAbq0mJ8TcOCSMxXs74vZbmIwxD2CsNTfMy5kbL5 4aRo7wqtTmneBAC7jMYwUHS/HKtWpU4ER85lW+rsTmpCf7ekULTcA== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4das2bv9rv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 05 Apr 2026 23:12:37 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 635LVjFe018571; Sun, 5 Apr 2026 23:12:36 GMT Received: from smtprelay02.wdc07v.mail.ibm.com ([172.16.1.69]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4dbcystt7u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 05 Apr 2026 23:12:36 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay02.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 635NCZFF16908838 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 5 Apr 2026 23:12:35 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1197A5805B; Sun, 5 Apr 2026 23:12:35 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5E5E858059; Sun, 5 Apr 2026 23:12:34 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Sun, 5 Apr 2026 23:12:34 +0000 (GMT) From: Stefan Berger To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org, zohar@linux.ibm.com, roberto.sassu@huawei.com, ebiggers@kernel.org, Stefan Berger Subject: [PATCH 3/3] integrity: Add support for sigv3 verification using ML-DSA keys Date: Sun, 5 Apr 2026 19:12:24 -0400 Message-ID: <20260405231224.4008298-4-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260405231224.4008298-1-stefanb@linux.ibm.com> References: <20260405231224.4008298-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 9krQvPjCsB-EYXjdgyggbp37_aS2no4i X-Proofpoint-GUID: 9krQvPjCsB-EYXjdgyggbp37_aS2no4i X-Authority-Analysis: v=2.4 cv=U9qfzOru c=1 sm=1 tr=0 ts=69d2ec65 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VwQbUJbxAAAA:8 a=VnNF1IyMAAAA:8 a=X1lcmyak3i-AM5LTbrQA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDA1MDIzNyBTYWx0ZWRfXxqlGtebHMVQ6 m5P9TDMJBAv0a0qOo3AizCnsDyOLNxUVsM1JPM2HaRvF1gnZ/GFzYH8EgjgL2Zb9w6IoWud1Zie 4E2K76SLxXfxrALit4o77Q/+aOT8HjyuYgS3f0ykhgMJu1n1YYbXjJvEVMHkAsCgJVWVcMZg+S+ OjWGx4fQUKWzI94FDiocW+Xt9mQcEcUmRU9LEnn6AiZ9z6ucLR/JNKst+4uh1IiXSyHtwwNEwX6 Xo+ynGchK6miWx7Sn0XnsJ1aAQPi6RRf9L7Zxh167J26qXHcG9DdtLV6XzXPN4Sc97p63YDkngK 93lA5sZWJbyr9TuwXLO6oZUhsawBSeDkUe5N2GbsU3eXO/n9rZfiP2DxcXH7WwKG7Fw/PEImSBL i0NbrB24DhKTUW2AD6tUrJzFfV6oTcjzy51SSSH17GmdYhqTEEaCLOorbFgFdn5CmB42EpWy57x OKNe7sgNgGQvPxWWTlQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-05_07,2026-04-03_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 malwarescore=0 clxscore=1015 adultscore=0 suspectscore=0 spamscore=0 priorityscore=1501 impostorscore=0 lowpriorityscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604050237 Content-Type: text/plain; charset="utf-8" Add support for sigv3 signature verification using ML-DSA in pure mode. When a sigv3 signature is verified, first check whether the key to use for verification is an ML-DSA key and therefore uses a hashless signature verification scheme. The hashless signature verification method uses the ima_file_id structure directly for signature verification rather than its digest. Suggested-by: Eric Biggers Signed-off-by: Stefan Berger --- security/integrity/digsig_asymmetric.c | 84 ++++++++++++++++++++++++-- 1 file changed, 79 insertions(+), 5 deletions(-) diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/di= gsig_asymmetric.c index e29ed73f15cd..e25534117c16 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -190,17 +190,91 @@ static int calc_file_id_hash(enum evm_ima_xattr_type = type, return rc; } =20 +/* + * asymmetric_verify_v3_hashless - Use hashless signature verification on = sigv3 + * @key: The key to use for signature verification + * @pk: The associated public key + * @encoding: The encoding the key type uses + * @sig: The signature + * @siglen: The length of the xattr signature + * @algo: The hash algorithm + * @digest: The file digest + * + * Create an ima_file_id structure and use it for signature verification + * directly. This can be used for ML-DSA in pure mode for example. + */ +static int asymmetric_verify_v3_hashless(struct key *key, + const struct public_key *pk, + const char *encoding, + const char *sig, int siglen, + u8 algo, + const u8 *digest) +{ + struct signature_v2_hdr *hdr =3D (struct signature_v2_hdr *)sig; + struct ima_file_id file_id =3D { + .hash_type =3D hdr->type, + .hash_algorithm =3D algo, + }; + size_t digest_size =3D hash_digest_size[algo]; + struct public_key_signature pks =3D { + .m =3D (u8 *)&file_id, + .m_size =3D sizeof(file_id) - (HASH_MAX_DIGESTSIZE - digest_size), + .s =3D hdr->sig, + .s_size =3D siglen - sizeof(*hdr), + .pkey_algo =3D pk->pkey_algo, + .hash_algo =3D hash_algo_name[hdr->hash_algo], + .encoding =3D encoding, + }; + int ret; + + if (hdr->type !=3D IMA_VERITY_DIGSIG && + hdr->type !=3D EVM_IMA_XATTR_DIGSIG && + hdr->type !=3D EVM_XATTR_PORTABLE_DIGSIG) + return -EINVAL; + + if (pks.s_size !=3D be16_to_cpu(hdr->sig_size)) + return -EBADMSG; + + memcpy(file_id.hash, digest, digest_size); + + ret =3D verify_signature(key, &pks); + pr_debug("%s() =3D %d\n", __func__, ret); + return ret; +} + int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen, const char *data, int datalen, u8 algo) { struct signature_v2_hdr *hdr =3D (struct signature_v2_hdr *)sig; struct ima_max_digest_data hash; + const struct public_key *pk; + struct key *key; int rc; =20 - rc =3D calc_file_id_hash(hdr->type, algo, data, &hash); - if (rc) - return -EINVAL; + if (siglen <=3D sizeof(*hdr)) + return -EBADMSG; + + key =3D request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); + if (IS_ERR(key)) + return PTR_ERR(key); =20 - return asymmetric_verify(keyring, sig, siglen, hash.digest, - hash.hdr.length); + pk =3D asymmetric_key_public_key(key); + if (!strncmp(pk->pkey_algo, "mldsa", 5)) { + rc =3D asymmetric_verify_v3_hashless(key, pk, "raw", + sig, siglen, algo, data); + } else { + rc =3D calc_file_id_hash(hdr->type, algo, data, &hash); + if (rc) { + rc =3D -EINVAL; + goto err_exit; + } + + rc =3D asymmetric_verify_common(key, pk, sig, siglen, hash.digest, + hash.hdr.length); + } + +err_exit: + key_put(key); + + return rc; } --=20 2.53.0