| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D1KRILI1KRQ8.2CNPU7PFES0VI@kernel.org>
Date: Tue, 28 May 2024 00:58:54 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jarkko Sakkinen" <jarkko@...nel.org>, "Herbert Xu"
<herbert@...dor.apana.org.au>
Cc: <linux-crypto@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>,
"Stefan Berger" <stefanb@...ux.ibm.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] crypto: ecdsa: Fix the public key format description
On Tue May 28, 2024 at 12:05 AM EEST, Jarkko Sakkinen wrote:
> On Mon May 27, 2024 at 11:28 PM EEST, Jarkko Sakkinen wrote:
> > Public key blob is not just x and y concatenated. It follows RFC5480
> > section 2.2. Address this by re-documenting the function with the
> > correct description of the format.
> >
> > Link: https://datatracker.ietf.org/doc/html/rfc5480
> > Fixes: 4e6602916bc6 ("crypto: ecdsa - Add support for ECDSA signature verification")
> > Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
> > ---
> > It is a bug fix that does not really need a stable backport. Still
> > categorizes as a bug because by following the existing documentation
> > you end up with an error code.
> > crypto/ecdsa.c | 5 ++---
> > 1 file changed, 2 insertions(+), 3 deletions(-)
> >
> > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
> > index 258fffbf623d..55114146ff84 100644
> > --- a/crypto/ecdsa.c
> > +++ b/crypto/ecdsa.c
> > @@ -215,9 +215,8 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx)
> > }
> >
> > /*
> > - * Set the public key given the raw uncompressed key data from an X509
> > - * certificate. The key data contain the concatenated X and Y coordinates of
> > - * the public key.
> > + * Set the public ECC key as defined by RFC5480 section 2.2 "Subject Public
> > + * Key". Only the uncompressed format is supported.
> > */
> > static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen)
> > {
>
> Based on this, is this now along the lines of correct format":
>
> *ptr++ = 0x04; /* uncompressed */
> ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)], &x[0], x_size);
> ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)], &x[x_size + 2], x_size);
> in_len = ptr - in;
> ret = crypto_akcipher_set_pub_key(tfm, in, in_len);
I fixed up the above as it should be only single octect string to this:
ptr = &in[0];
*ptr++ = 0x04; /* uncompressed */
ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)],
&data[0], 2 * x_size);
in_len = ptr - in;
pr_info("in_len=%u\n", in_len);
ret = crypto_akcipher_set_pub_key(tfm, in, in_len);
crypto_free_akcipher(tfm);
It fails in:
ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
if (ndigits != ctx->curve->g.ndigits)
return -EINVAL;
I checked that in_len=67.
The tfm is deleted at instant because the above code is part of *_query.
TPM2 ECDSA asymmetric key that way that signature verification will work
when it is needed. The key type signs with TPM and verifies with the
software cipher.
BR, Jarkko
Powered by blists - more mailing lists