lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D1KRILI1KRQ8.2CNPU7PFES0VI@kernel.org>
Date: Tue, 28 May 2024 00:58:54 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jarkko Sakkinen" <jarkko@...nel.org>, "Herbert Xu"
 <herbert@...dor.apana.org.au>
Cc: <linux-crypto@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>,
 "Stefan Berger" <stefanb@...ux.ibm.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] crypto: ecdsa: Fix the public key format description

On Tue May 28, 2024 at 12:05 AM EEST, Jarkko Sakkinen wrote:
> On Mon May 27, 2024 at 11:28 PM EEST, Jarkko Sakkinen wrote:
> > Public key blob is not just x and y concatenated. It follows RFC5480
> > section 2.2. Address this by re-documenting the function with the
> > correct description of the format.
> >
> > Link: https://datatracker.ietf.org/doc/html/rfc5480
> > Fixes: 4e6602916bc6 ("crypto: ecdsa - Add support for ECDSA signature verification")
> > Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
> > ---
> > It is a bug fix that does not really need a stable backport. Still
> > categorizes as a bug because by following the existing documentation
> > you end up with an error code.
> >  crypto/ecdsa.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> >
> > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
> > index 258fffbf623d..55114146ff84 100644
> > --- a/crypto/ecdsa.c
> > +++ b/crypto/ecdsa.c
> > @@ -215,9 +215,8 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx)
> >  }
> >  
> >  /*
> > - * Set the public key given the raw uncompressed key data from an X509
> > - * certificate. The key data contain the concatenated X and Y coordinates of
> > - * the public key.
> > + * Set the public ECC key as defined by RFC5480 section 2.2 "Subject Public
> > + * Key". Only the uncompressed format is supported.
> >   */
> >  static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen)
> >  {
>
> Based on this, is this now along the lines of correct format":
>
>        *ptr++ = 0x04; /* uncompressed */
>        ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)], &x[0], x_size);
>        ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)], &x[x_size + 2], x_size);
>        in_len = ptr - in;
>        ret = crypto_akcipher_set_pub_key(tfm, in, in_len);


I fixed up the above as it should be only single octect string to this:

	ptr = &in[0];
        *ptr++ = 0x04; /* uncompressed */
        ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)],
                                       &data[0], 2 * x_size);
        in_len = ptr - in;
        pr_info("in_len=%u\n", in_len);
        ret = crypto_akcipher_set_pub_key(tfm, in, in_len);
        crypto_free_akcipher(tfm);

It fails in:

	ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
	if (ndigits != ctx->curve->g.ndigits)
		return -EINVAL;

I checked that in_len=67.

The tfm is deleted at instant because the above code is part of *_query.
TPM2 ECDSA asymmetric key that way that signature verification will work
when it is needed. The key type signs with TPM and verifies with the
software cipher.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ