From: Jarkko Sakkinen <jarkko@kernel.org>
To: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Gilad Ben-Yossef <gilad@benyossef.com>,
Eric Biggers <ebiggers@google.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] KEYS: asymmetric: enforce SM2 signature use pkey algo
Date: Fri, 1 Jul 2022 02:13:48 +0300 [thread overview]
Message-ID: <Yr4uLEmN0Jeh3dGC@kernel.org> (raw)
In-Reply-To: <20220628033720.43847-1-tianjia.zhang@linux.alibaba.com>
On Tue, Jun 28, 2022 at 11:37:20AM +0800, Tianjia Zhang wrote:
> The signature verification of SM2 needs to add the Za value and
> recalculate sig->digest, which requires the detection of the pkey_algo
> in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
> field in sig is attacker-controlled and should be use pkey->pkey_algo
> instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it
> will also cause signature verification failure.
>
> The software_key_determine_akcipher() already forces the algorithms
> are matched, so the SM3 algorithm is enforced in the SM2 signature,
> although this has been checked, we still avoid using any algorithm
> information in the signature as input.
>
> Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
> Reported-by: Eric Biggers <ebiggers@google.com>
> Cc: stable@vger.kernel.org # v5.10+
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
> crypto/asymmetric_keys/public_key.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
> index 7c9e6be35c30..2f8352e88860 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -304,6 +304,10 @@ static int cert_sig_digest_update(const struct public_key_signature *sig,
>
> BUG_ON(!sig->data);
>
> + /* SM2 signatures always use the SM3 hash algorithm */
> + if (!sig->hash_algo || strcmp(sig->hash_algo, "sm3") != 0)
> + return -EINVAL;
> +
> ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID,
> SM2_DEFAULT_USERID_LEN, dgst);
> if (ret)
> @@ -414,8 +418,7 @@ int public_key_verify_signature(const struct public_key *pkey,
> if (ret)
> goto error_free_key;
>
> - if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 &&
> - sig->data_size) {
> + if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) {
> ret = cert_sig_digest_update(sig, tfm);
> if (ret)
> goto error_free_key;
> --
> 2.24.3 (Apple Git-128)
>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
prev parent reply other threads:[~2022-06-30 23:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-28 3:37 [PATCH v3] KEYS: asymmetric: enforce SM2 signature use pkey algo Tianjia Zhang
2022-06-30 23:13 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yr4uLEmN0Jeh3dGC@kernel.org \
--to=jarkko@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=ebiggers@google.com \
--cc=gilad@benyossef.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tianjia.zhang@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.