From: Vitaly Chikunov <vt@altlinux.org>
To: keyrings@vger.kernel.org, Jarkko Sakkinen <jarkko@kernel.org>,
David Howells <dhowells@redhat.com>,
linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org,
Eric Biggers <ebiggers@kernel.org>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Subject: Re: [RFC PATCH] KEYS: Double max_size to make keyctl pkey_verify work
Date: Thu, 3 Feb 2022 03:07:07 +0300 [thread overview]
Message-ID: <20220203000707.okvycfr24phj2bjl@altlinux.org> (raw)
In-Reply-To: <20220202212437.mlj4cta4voqiqfpf@altlinux.org>
JFYI,
On Thu, Feb 03, 2022 at 12:24:37AM +0300, Vitaly Chikunov wrote:
> On Wed, Feb 02, 2022 at 07:55:43AM -0500, Stefan Berger wrote:
> > On 2/2/22 01:59, Vitaly Chikunov wrote:
> > > Rarely used `keyctl pkey_verify' can verify raw signatures, but was
> > > failing, because ECDSA/EC-RDSA signature sizes are twice key sizes which
> > > does not pass in/out sizes check in keyctl_pkey_params_get_2.
> > > This in turn because these values cannot be distinguished by a single
> > > `max_size' callback return value.
> > > Also, `keyctl pkey_query` displays incorrect `max_sig_size' about these
> > > algorithms.
> > >
> > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> >
> > How do you use pkey_query?
> >
> > $ keyctl padd asymmetric testkey %keyring:test < cert.der
> > 385037223
>
> It should be (for RSA key):
>
> keyctl pkey_query 385037223 0 enc=pkcs1 hash=sha256
>
> `0` is placeholder for a password.
>
> For example, I generated keys with your eckey-testing/generate.sh, and
> pkey_query after this patch is applied:
>
> # keyctl padd asymmetric "" @u < ecdsa-ca/ca.crt.der
> 66509339
> # keyctl pkey_query 66509339 0 enc=x962 hash=sha256
> key_size=256
> max_data_size=64
> max_sig_size=64
> max_enc_size=32
> max_dec_size=32
> encrypt=y
> decrypt=n
> sign=n
> verify=y
>
> W/o patch max_data_size= and max_sig_size= will be 32.
In case someone wants to reproduce `keyctl pkey_verify`, there are steps:
1. Keys are generated using ima-evm-utils tests suite, for example
test-gost2012_512-A.cer:
$ base64 test-gost2012_512-A.cer
MIIB/DCCAWagAwIBAgIUK8+whWevr3FFkSdU9GLDAM7ure8wDAYIKoUDBwEBAwMFADARMQ8wDQYD
VQQDDAZDQSBLZXkwIBcNMjIwMjAxMjIwOTQxWhgPMjA4MjEyMDUyMjA5NDFaMBExDzANBgNVBAMM
BkNBIEtleTCBoDAXBggqhQMHAQEBAjALBgkqhQMHAQIBAgEDgYQABIGALXNrTJGgeErBUOov3Cfo
IrHF9fcj8UjzwGeKCkbCcINzVUbdPmCopeJRHDJEvQBX1CQUPtlwDv6ANjTTRoq5nCk9L5PPFP1H
z73JIXHT0eRBDVoWy0cWDRz1mmQlCnN2HThMtEloaQI81nTlKZOcEYDtDpi5WODmjEeRNQJMdqCj
UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFCwfOITMbE9VisW1i2TYeu1tAo5QMB8GA1UdIwQY
MBaAFCwfOITMbE9VisW1i2TYeu1tAo5QMAwGCCqFAwcBAQMDBQADgYEAmBfJCMTdC0/NSjz4BBiQ
qDIEjomO7FEHYlkX5NGulcF8FaJW2jeyyXXtbpnub1IQ8af1KFIpwoS2e93LaaofxpWlpQLlju6m
KYLOcO4xK3Whwa2hBAz9YbpUSFjvxnkS2/jpH2MsOSXuUEeCruG/RkHHB3ACef9umG6HCNQuAPY=
2. Hash and raw signature generated using openssl dgst:
$ head -123c /dev/zero > foo.data
$ openssl dgst -md_gost12_512 -out foo.hash512 -binary foo.data
$ openssl dgst -md_gost12_512 -sign test-gost2012_512-A.key -out foo.sign512 -binary foo.data
This may require configuring openssl to support engine, so there are resulting files:
$ base64 foo.data
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA
$ base64 foo.hash512
CZEpA3sP+swJIsahmsA2GX/GDp+4Ibt8c/Oli01NbTXmSyjbC0yivmouDW+LfqckewMKiKWCdNIE
aY4cxfy4sQ==
$ base64 foo.sign512
WNz9w7qmCvL/UG4uuCnj57C9udLRz1JXQLTOflpVa3fHPrp0qLBhoiLAdMtDr0AHPAsIlGS0vb9o
vJIxtlGsimeqlAfffIpfmvu1oD/tqOT5NRa7xANT7tW2V9jiMRWt887dDSX+QBARcmXNwe07reoX
Ko8xWMZ8xvOqWEuVPPw=
3. Then (with this patch applied, I run in virtme):
# k=`keyctl padd asymmetric "" @u < test-gost2012_512-A.cer`
# keyctl pkey_verify $k 0 foo.hash512 foo.sign512 enc=raw hash=streebog512
This gives exit 0. Test failure (due to wrong hash):
# keyctl pkey_verify $k 0 foo.sign512 foo.sign512 enc=raw hash=streebog512
keyctl_pkey_verify: Bad message
Thanks,
next prev parent reply other threads:[~2022-02-03 0:07 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 6:59 [RFC PATCH] KEYS: Double max_size to make keyctl pkey_verify work Vitaly Chikunov
2022-02-02 12:55 ` Stefan Berger
2022-02-02 21:24 ` Vitaly Chikunov
2022-02-02 22:38 ` Vitaly Chikunov
2022-02-03 3:42 ` Stefan Berger
2022-02-03 0:07 ` Vitaly Chikunov [this message]
2022-02-20 23:31 ` Jarkko Sakkinen
2022-02-03 3:15 ` Stefan Berger
2022-02-03 3:34 ` Vitaly Chikunov
2022-02-20 23:29 ` Jarkko Sakkinen
2022-02-21 2:43 ` Vitaly Chikunov
2022-02-25 19:47 ` Stefan Berger
2022-02-20 23:25 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220203000707.okvycfr24phj2bjl@altlinux.org \
--to=vt@altlinux.org \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).