Message-ID: <58a980d7-ce90-2333-d5ae-014919e6c5d0@linux.ibm.com>
Date:   Thu, 11 Feb 2021 13:18:46 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     dhowells@...hat.com
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        patrick@...terwijk.org, linux-integrity@...r.kernel.org,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@...r.kernel.org>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>
Subject: Re: [PATCH v7 3/4] x509: Add support for parsing x509 certs with ECDSA keys

On 2/11/21 12:30 PM, Stefan Berger wrote:
> On 2/11/21 3:03 AM, kernel test robot wrote:
>> Hi Stefan,
>>
>> Thank you for the patch! Yet something to improve:
>>
>>>> crypto/asymmetric_keys/public_key.c:97: undefined reference to 
>>>> `parse_OID'
>
>
> So the issue is that only ASYMMETRIC_PUBLIC_KEY_SUBTYPE is selected 
> in this config and the selection of OID_REGISTRY is missing. I am not 
> sure whether ASYMMETRIC_PUBLIC_KEY_SUBTYPE should/could select 
> OID_REGISTRY or whether that would be wrong... ?


David,

   if the above is not desired then the following change would let us 
get rid of the offending parse_OID(). The below change is only for NIST 
p192 in this experiment but shows that we need to add additional 
strcmp() cases in x509_check_for_self_signed() since 
cert->sig->pkey_algo is set to "ecdsa". I am not sure whether we should 
derive from the signature which curve was used to create the signature 
so that cert->sig->pkey_algo could be more specific and the simple 
existing strcmp() would pass. So two possible ways to go forward. Which 
way should we go?

    Stefan


diff --git a/crypto/asymmetric_keys/x509_cert_parser.c 
b/crypto/asymmetric_keys/x509_cert_parser.c
index 0aff4e584b11..71d83bb345c4 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -505,6 +505,8 @@ int x509_extract_key_data(void *context, size_t hdrlen,
                         ctx->cert->pub->pkey_algo = "sm2";
                         break;
                 case OID_id_prime192v1:
+                       ctx->cert->pub->pkey_algo = "ecdsa-nist-p192";
+                       break;
                 case OID_id_prime256v1:
                         ctx->cert->pub->pkey_algo = "ecdsa";
                         break;
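Review bot: the two curve cases now name the key algorithm inconsistently: OID_id_prime192v1 sets "ecdsa-nist-p192" while OID_id_prime256v1 still sets the generic "ecdsa", so only one of the two key types carries its curve in pkey_algo. Note also that before this change the OID_id_prime192v1 label fell through into the prime256v1 assignment, so the added break changes the string P-192 keys receive, not just adds a new one. If curve-specific names are the intent, give the prime256v1 case a matching name ("ecdsa-nist-p256") so the consumer of pkey_algo does not have to special-case a single curve.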
diff --git a/crypto/asymmetric_keys/x509_public_key.c 
b/crypto/asymmetric_keys/x509_public_key.c
index ae450eb8be14..3ebeed195b61 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -129,7 +129,10 @@ int x509_check_for_self_signed(struct 
x509_certificate *cert)
         }

         ret = -EKEYREJECTED;
-       if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0)
+printk(KERN_INFO "%s: %s ==? %s\n", __func__, cert->pub->pkey_algo, 
cert->sig->pkey_algo);
+       if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0 &&
+           strncmp(cert->pub->pkey_algo, "ecdsa-nist-p", 12) != 0 &&
+           strcmp(cert->sig->pkey_algo, "ecdsa") != 0)
                 goto out;

         ret = public_key_verify_signature(cert->pub, cert->sig);
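Review bot: the rewritten condition starting at `if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0 &&` joins three clauses with &&, so `goto out` fires only when all three hold: any certificate whose key pkey_algo begins with "ecdsa-nist-p" now skips the early rejection regardless of sig->pkey_algo, and any signature whose pkey_algo is "ecdsa" skips it regardless of the key's algorithm, which is wider than the intended curve-specific-key-with-"ecdsa"-signature pairing. Express the exception as that pairing instead, e.g. `if (strcmp(pub, sig) != 0 && !(strncmp(pub, "ecdsa-nist-p", 12) == 0 && strcmp(sig, "ecdsa") == 0)) goto out;` with the full cert->pub->pkey_algo / cert->sig->pkey_algo names. The unindented `printk(KERN_INFO "%s: %s ==? %s\n", ...)` is experiment-only debug output; drop it or turn it into pr_debug() before this goes out as a real patch.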


>
>
>     Stefan
>
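The algorithm-name matching discussed in this thread, as an added stand-alone example that is not part of the patch or of the kernel: `patch_rejects()` reproduces the three-clause condition from the second hunk, and `strict_rejects()` is a hypothetical alternative that only exempts the curve-specific-key/"ecdsa"-signature pairing. The algorithm strings other than "ecdsa", "ecdsa-nist-p192" and "sm2" are constructed sample values.

```c
#include <stdbool.h>
#include <string.h>

/* Prefix the patch introduces for curve-specific public-key names. */
#define ECDSA_CURVE_PREFIX "ecdsa-nist-p"

/* Mirrors the patch's condition: the certificate is rejected only when
 * all three clauses hold, so a key with a curve-specific name or a
 * signature named "ecdsa" is never rejected here, whatever the other
 * side says. */
bool patch_rejects(const char *pub_algo, const char *sig_algo)
{
	return strcmp(pub_algo, sig_algo) != 0 &&
	       strncmp(pub_algo, ECDSA_CURVE_PREFIX,
		       strlen(ECDSA_CURVE_PREFIX)) != 0 &&
	       strcmp(sig_algo, "ecdsa") != 0;
}

/* Hypothetical stricter policy: accept an exact match, or a named NIST
 * curve key paired with a generic "ecdsa" signature; reject the rest. */
bool strict_rejects(const char *pub_algo, const char *sig_algo)
{
	bool exact = strcmp(pub_algo, sig_algo) == 0;
	bool curve_key = strncmp(pub_algo, ECDSA_CURVE_PREFIX,
				 strlen(ECDSA_CURVE_PREFIX)) == 0;
	bool generic_ecdsa_sig = strcmp(sig_algo, "ecdsa") == 0;

	return !(exact || (curve_key && generic_ecdsa_sig));
}
```

Both functions return true when the self-signed check should refuse the key/signature pair; comparing them on mismatched inputs such as ("ecdsa-nist-p192", "rsa") shows where the patch's condition is looser than intended.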