lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 5 Mar 2021 10:04:31 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
Cc:     linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@...r.kernel.org>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        David Howells <dhowells@...hat.com>,
        "open list:KEYS-TRUSTED" <keyrings@...r.kernel.org>,
        "davem@...emloft.net" <davem@...emloft.net>,
        Herbert Xu <herbert@...dor.apana.org.au>
Subject: Re: [PATCH v9 2/9] x509: Detect sm2 keys by their parameters OID

On 3/5/21 2:37 AM, Tianjia Zhang wrote:
> Hi,
>
> On 3/4/21 7:46 AM, Stefan Berger wrote:
>> Tianjia,
>>
>>     can you say whether SM2 support works for you before and after 
>> applying this patch? I cannot verify it with an sm2 key I have 
>> created using a sequence of commands like this:
>>
>>  > modprobe sm2_generic
>>  > id=$(keyctl newring test @u)
>>  > keyctl padd asymmetric "" $id < sm2.der
>> add_key: Key was rejected by service
>>  > keyctl padd asymmetric "" $id < eckeys/cert-prime192v1-0.der
>> 88506426
>>
>> The sm2 key is reject but the pime192v1 key works just fine. SM2 
>> support neither worked for me before nor after this patch here. The 
>> difference is that before it returned 'add_key: Package not installed'.
>>
>> This is my sm2 cert:
>>
>>  > base64 < sm2.der
>> MIIBbzCCARWgAwIBAgIUfqwndeAy7reymWLwvCHOgYPU2YUwCgYIKoZIzj0EAwIwDTELMAkGA1UE 
>>
>> AwwCbWUwHhcNMjEwMTI0MTgwNjQ3WhcNMjIwMTI0MTgwNjQ3WjANMQswCQYDVQQDDAJtZTBZMBMG 
>>
>> ByqGSM49AgEGCCqBHM9VAYItA0IABEtiMaczdk46MEugmOsY/u+puf5qoi7JdLd/w3VpdixvDd26 
>>
>> vrxLKL7lCTVn5w3a07G7QB1dgdMDpzIRgWrVXC6jUzBRMB0GA1UdDgQWBBSxOVnE7ihvTb6Nczb4 
>>
>> /mow+HIc9TAfBgNVHSMEGDAWgBSxOVnE7ihvTb6Nczb4/mow+HIc9TAPBgNVHRMBAf8EBTADAQH/ 
>>
>> MAoGCCqGSM49BAMCA0gAMEUCIE1kiji2ABUy663NANe0iCPjCeeqg02Yk4b3K+Ci/Qh4AiEA/cFB 
>>
>> eJEVklyveRMvuTP7BN7FG4U8iRdtedjiX+YrNio=
>>
>> Regards,
>>     Stefan
>>
>
> Yes, it works fine here. Your test method may be wrong. First of all, 
> the certificate looks wrong, I don’t know if it is not sent 
> completely. Secondly, the SM2 algorithm must be compiled with builtin. 
> There will be a problem when it is compiled into a module. This is a 
> restriction for SM2 signature with Za. you may refer to this discussion:
>
> https://lkml.org/lkml/2021/1/12/1736
>
> In addition, give you a self-signed root certificate for my test:
>
> -----BEGIN CERTIFICATE-----
> MIICLjCCAdWgAwIBAgIUEoozP6LzMYWh4gCpcWlzsUyfgsIwCgYIKoEcz1UBg3Uw
> bTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdTMQswCQYDVQQHDAJHdDENMAsGA1UE
> CgwEYmFiYTELMAkGA1UECwwCT1MxCzAJBgNVBAMMAmNhMRswGQYJKoZIhvcNAQkB
> FgxjYUB3b3JsZC5jb20wHhcNMjAwNDE1MTE1NDA3WhcNMzAwNDEzMTE1NDA3WjBt
> MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR1MxCzAJBgNVBAcMAkd0MQ0wCwYDVQQK
> DARiYWJhMQswCQYDVQQLDAJPUzELMAkGA1UEAwwCY2ExGzAZBgkqhkiG9w0BCQEW
> DGNhQHdvcmxkLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMTGRiHezKm5
> MiKHlyfa5Bv5jLxge/WRRG0nLNsZx1yf0XQTQBR/tFFjPGePEr7+Fa1CPgYpXExx
> i44coYMmQT6jUzBRMB0GA1UdDgQWBBSjd9GWIe98Ll9J0dquxgCktp9DrTAfBgNV
> HSMEGDAWgBSjd9GWIe98Ll9J0dquxgCktp9DrTAPBgNVHRMBAf8EBTADAQH/MAoG
> CCqBHM9VAYN1A0cAMEQCIAvLWIfGFq85u/vVMLc5H1D/DnrNS0VhSkQA4daRO4tc
> AiABbeWENcQZDZLWTuqG9P2KDPOoNqV/QV/+0XjMAVblhg==
> -----END CERTIFICATE-----
>
> If you can, please add:
>
> Tested-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
>
> good luck!


It works with your certificate! When I create the sm2 with OpenSSL on 
Ubuntu, which seems to have sm2 support, or so one may think, I get this 
type of signature:


I cannot create it with sm3, if that's how this is supposed to be signed:

 > # openssl req -x509 -sm3 -newkey ec -pkeyopt ec_paramgen_curve:sm2 
-keyout sm2key.pem -days 365 -subj '/CN=test' -nodes -outform der -out 
sm2.der
parameter error "ec_paramgen_curve:sm2"
140735899258064:error:100AE081:elliptic curve 
routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:418:
140735899258064:error:100C508D:elliptic curve 
routines:pkey_ec_ctrl:invalid curve:crypto/ec/ec_pmeth.c:231:


Using sha256 instead, which is the mistake:

 > openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:sm2 
-keyout sm2key.pem -days 365 -subj '/CN=test' -nodes -outform der -out 
sm2-2nd.der

 > openssl x509 -inform der -in sm2-2nd.der -noout -text

[...]

     Signature Algorithm: ecdsa-with-SHA256
          30:45:02:20:05:72:15:b0:e8:f5:5a:27:d2:fb:f9:de:de:35:
          05:b2:76:8a:6f:84:c1:54:db:c2:38:8c:d2:64:8b:67:23:01:
          02:21:00:97:77:9e:42:fa:41:3d:d4:81:5e:5b:ad:9e:56:ad:
          46:fc:5e:94:92:a6:07:2d:af:62:d2:2d:39:7b:71:f1:4a


Yours has this type of signature:

     Signature Algorithm: 1.2.156.10197.1.501
          30:44:02:20:0b:cb:58:87:c6:16:af:39:bb:fb:d5:30:b7:39:
          1f:50:ff:0e:7a:cd:4b:45:61:4a:44:00:e1:d6:91:3b:8b:5c:
          02:20:01:6d:e5:84:35:c4:19:0d:92:d6:4e:ea:86:f4:fd:8a:
          0c:f3:a8:36:a5:7f:41:5f:fe:d1:78:cc:01:56:e5:86

Thanks anyway!


    Stefan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ